Researchers with Cisco Talos report that an ongoing attack in Taiwan is being spread via phishing emails that contain malware attachments.
Targeting businesses and advertising companies, the emails pose as a legal notice from either a copyright holder or a legal representative of a company making a copyright claim. Attached to the message is a supposed PDF that presents itself as a legal document with details on the complaint.
“The decoy email and fake PDF filenames are designed to impersonate a company's legal department, attempting to lure the victim into downloading and executing malware,” wrote Cisco Talos researcher Joey Chen.
“Another observation we found is that the fake PDF malware uses the names of well-known technology and media companies in Taiwan and Hong Kong. This provides strong evidence that the threat actor conducted thorough research before launching this campaign.”
Once the victim opens the attachment, which presents itself as a PDF but is actually an executable, they are redirected via a Google Appspot.com domain that then routes through another third-party URL shortening service before finally arriving at a Dropbox domain.