pdfescape
PDFescape Desktop installer trojanized to drop redirector
Minerva Labs and Malwarebytes disclosed in July 2018 that the official PDFescape Desktop installer distributed from the vendor's website was modified to side-load a malicious DLL that ran when the legitimate installer executed. The malicious component acted as a redirector / loader, using the trusted installer process to evade detection. The trojanized installer was signed and offered through PDFescape's normal download channel until the vendor was notified and pulled it.
- Date: 2018-07-01 to 2018-07-31
- Category: Commercial
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Backdoor
- Cause: Website compromise
What Was Affected
Package: pdfescape
Language: c++
Component: Application
Artifact type: binary archive
Domain type: vendor
Domain: pdfescape.com
Incident Context
- Attribution: Unknown attacker
- Transitive: No
- Observed Duration: 30 days
Source Data
Source record: proprietary/pdfescape/meta.yaml