PDF Phishing Fiasco: LegionLoader Unleashes Browser Mayhem
Netskope Threat Labs has discovered a new drive-by download campaign that uses fake CAPTCHAs and Cloudflare Turnstile to trick users into downloading LegionLoader malware. This malicious campaign targets unsuspecting PDF-seekers, ultimately installing a browser extension that filches sensitive data. Stay vigilant, and remember, not every PDF is worth the trouble!

Hot Take:
Who knew searching for PDFs could be so hazardous? As if office workers needed another reason to dread document hunting. Now, instead of just dealing with boring PDFs, you might accidentally end up downloading a browser extension that steals your cookies. Talk about a bitter twist on “you are what you eat”!

Key Points:
– A new phishing and malware campaign exploits the search for PDFs to distribute LegionLoader malware.
– Attackers use fake CAPTCHAs and Cloudflare Turnstile as part of the infection chain.
– The infection involves a VMware-signed app that sideloads a malicious DLL to execute the payload.
– Once installed, the LegionLoader malware delivers a browser extension to steal sensitive data.
– The campaign primarily targets Netskope customers in the tech and financial sectors across North America, Asia, and Southern Europe.
