A highly targeted spam campaign aimed at hedge and private equity fund managers has recently been spotted by Barracuda Labs researchers.
The email looks like it has been forwarded a couple of times, and supposedly has a document with details about NSYE carried interest fees attached to it.
Recipients who don’t notice that the file in question is an executable and run it are faced with a PDF that actually contains the information:
Unfortunately, the PDF comes bundled with a keylogger, which secretly installs itself on the victim’s machine and begins recording keystrokes and sending them to a remote server via FTP.
The researchers have managed to follow the traffic to the server, and to peek inside it. They discovered that all the files containing the keystrokes are neatly deposited in a folder and, according to the number of existing folders, the attackers have managed too compromise at least 20 computers so far.
“Never trust an attachment sent to you in email, even if the source appears reputable,” the researchers advise. “In cases like this we suggest you first save the attachment to disk and then send it to the virus scanning service virustotal.com.”