Malware Campaign Targets Crypto Wallets With Fake PDF Conversion Software

Summary

A malware campaign is using fake PDF-to-DOCX converter websites to deliver malicious PowerShell commands, giving attackers access to cryptocurrency wallets and other sensitive information. The Arechclient2 malware, a variant of SectopRAT, is installed through deceptive sites that mimic legitimate converters such as PDFCandy. These sites display fake loading bars and CAPTCHA prompts to convince visitors that a conversion is in progress, then serve an "adobe.zip" file containing the malware instead of the expected document. This Remote Access Trojan, active since 2019, facilitates data theft, including browser credentials and cryptocurrency information. CloudSEK recommends using antivirus software, verifying that downloaded files are actually the file type they claim to be, and relying on trusted conversion tools. Cybersecurity experts advise adopting a zero-trust mindset, keeping security tools updated, and maintaining strong detection coverage to counter evolving threats. Regular training and preparedness for worst-case scenarios are essential for effective defense.
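The "verify file types" recommendation above is the one concrete control a user or help desk can script. The check below is an added example, not code from CloudSEK or from the campaign writeup: it classifies a downloaded blob by its content rather than its name, confirming that a file presented as a converted DOCX is really an OOXML container (a ZIP holding `[Content_Types].xml` and `word/document.xml`) and flagging any archive that carries script or executable members instead. The sample archives, the `inspect_download` and `build_zip` helpers, and the list of suspicious member extensions are all constructed for this example; the page does not state what the real "adobe.zip" contains.

```python
import io
import zipfile

# Member extensions that have no business inside a "converted document" download.
# This list is an assumption for the example, not an indicator taken from the campaign.
SUSPICIOUS_MEMBER_EXTENSIONS = (
    ".exe", ".dll", ".scr", ".msi", ".ps1", ".bat", ".cmd",
    ".js", ".jse", ".vbs", ".wsf", ".hta", ".lnk",
)

# Minimal parts every real DOCX (OOXML) package contains.
REQUIRED_DOCX_PARTS = ("[Content_Types].xml", "word/document.xml")


def inspect_download(data: bytes, claimed_name: str) -> dict:
    """Classify a downloaded blob by magic bytes and archive contents, not by filename."""
    result = {
        "claimed_name": claimed_name,
        "is_zip": False,
        "is_docx": False,
        "suspicious_members": [],
        "verdict": "reject",
        "reason": "",
    }

    # A Windows executable renamed to look like a document still starts with 'MZ'.
    if data[:2] == b"MZ":
        result["reason"] = "PE executable header found; not a document"
        return result

    # DOCX is a ZIP container, so anything that is not 'PK' cannot be a DOCX.
    if data[:2] != b"PK":
        result["reason"] = "not a ZIP container; cannot be a DOCX"
        return result

    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["reason"] = "ZIP header present but archive is corrupt"
        return result

    names = archive.namelist()
    result["is_zip"] = True
    result["is_docx"] = all(part in names for part in REQUIRED_DOCX_PARTS)
    result["suspicious_members"] = [
        n for n in names if n.lower().endswith(SUSPICIOUS_MEMBER_EXTENSIONS)
    ]

    if result["suspicious_members"]:
        result["reason"] = "archive contains script/executable members: " + ", ".join(
            result["suspicious_members"]
        )
        return result

    if not result["is_docx"]:
        result["reason"] = "ZIP is not an OOXML document (missing required parts)"
        return result

    if not claimed_name.lower().endswith(".docx"):
        # Content is a DOCX but the site delivered it under a different name; treat as
        # a mismatch so the user looks at what the site actually served.
        result["reason"] = "valid DOCX content but filename does not match (.docx expected)"
        return result

    result["verdict"] = "accept"
    result["reason"] = "OOXML document with no executable members"
    return result


def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: content} (constructed test data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a benign minimal DOCX and an archive hiding a PowerShell script.
GOOD_DOCX = build_zip({
    "[Content_Types].xml": "<Types/>",
    "word/document.xml": "<w:document/>",
})
BAD_ZIP = build_zip({
    "document.docx": "not really a document",
    "launcher.ps1": "Write-Host 'constructed placeholder'",
})
RENAMED_EXE = b"MZ" + b"\x00" * 62  # constructed stub PE header


if __name__ == "__main__":
    for name, blob in (("report.docx", GOOD_DOCX), ("adobe.zip", BAD_ZIP), ("report.docx", RENAMED_EXE)):
        r = inspect_download(blob, name)
        print(f"{name}: {r['verdict']} ({r['reason']})")
```

Run it against anything a converter site hands back before opening the file; the point of checking magic bytes and archive members is that a renamed executable or a script-bearing ZIP fails regardless of the extension the site chose for it.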