Researchers have identified a new phishing scam, which lures victims into installing malware using fake customer complaint queries.
According to Bleeping Computer, employees of various companies have received emails from their supposed corporate lawyer, containing a malicious PDF attachment disguised as a customer complaint.
Clicking on the link brings the user to a page containing an executable file: Preview.PDF.exe.
Upon download, the executable file injects itself into the legitimate C:\Windows\system32\svchost.exe folder and connects to the hacker's remote command & control server, sending data and receiving further instructions.
Researchers claim the malware being installed is Cobalt Strike, which provides attackers “full access to the victim's computer and can use it to compromise the rest of the network to install ransomware or steal data to be used for extortion.”
Employees are advised to remain vigilant and exercise caution when clicking on email links and downloading files, regardless of the file extension.