ShadowRoot Ransomware Attacking Organizations With Weaponized PDF Documents

A rudimentary ransomware is targeting Turkish businesses through phishing emails sent from “.ru” domain addresses. Clicking the link inside a PDF attachment downloads a malicious executable from a compromised GitHub account. The executable encrypts important files and appends the “.shadowroot” extension to them, part of a wider trend of ransomware campaigns that use phishing emails to deliver their payloads and a continuing threat to industries worldwide.

[Figure: malicious URL from the PDF]

The analyzed executable is a malicious 32-bit Borland Delphi 4.0 binary that drops several files, including RootDesign.exe and Uninstall.exe, which are likely components of a malware program designed to infiltrate a system and carry out malicious activities.
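The indicators in the summary above (a “.ru” sender domain, dropped RootDesign.exe and Uninstall.exe, files renamed with a “.shadowroot” suffix) lend themselves to simple host- and mail-side detection. The following is an added example, not code from the article or from the malware; the telemetry format, the sample event lines and the sender addresses are constructed for illustration. It goes one step beyond the text by also flagging a burst of “.shadowroot” renames from a single process within a short window, which is the generic mass-encryption pattern a defender would alert on regardless of the specific extension.

```python
"""Detection sketch for the ShadowRoot indicators described in the summary.

All sample data below is constructed; the event format is a hypothetical
"<ISO timestamp> <event> <process> <path>" line, one event per line.
"""
import re
from collections import defaultdict
from datetime import datetime

# Indicators taken from the write-up.
RANSOM_EXTENSION = ".shadowroot"
DROPPED_COMPONENTS = {"rootdesign.exe", "uninstall.exe"}
SENDER_TLD = ".ru"

# Constructed sample file-activity telemetry (not real logs). Paths are made up.
SAMPLE_EVENTS = """\
2024-07-01T09:00:01 FILE_CREATE Setup.exe C:\\Users\\ali\\AppData\\Local\\Temp\\RootDesign.exe
2024-07-01T09:00:02 FILE_CREATE Setup.exe C:\\Users\\ali\\AppData\\Local\\Temp\\Uninstall.exe
2024-07-01T09:00:05 FILE_RENAME RootDesign.exe C:\\Users\\ali\\Documents\\invoice.docx.shadowroot
2024-07-01T09:00:06 FILE_RENAME RootDesign.exe C:\\Users\\ali\\Documents\\budget.xlsx.shadowroot
2024-07-01T09:00:07 FILE_RENAME RootDesign.exe C:\\Users\\ali\\Documents\\contract.pdf.shadowroot
2024-07-01T09:00:09 FILE_RENAME winword.exe C:\\Users\\ali\\Documents\\report.docx
"""

# timestamp, event type and process carry no spaces; the path may.
EVENT_RE = re.compile(r"^(\S+) (\S+) (\S+) (.+)$")


def parse_events(text):
    """Parse the hypothetical telemetry format into a list of dicts."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than fail
        ts, kind, proc, path = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "event": kind,
                       "process": proc, "path": path})
    return events


def basename(path):
    """Last path component, accepting either Windows or POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def find_shadowroot_indicators(events, window_seconds=60, burst_threshold=3):
    """Return the three indicator classes found in the event stream."""
    dropped = [e["path"] for e in events
               if e["event"] == "FILE_CREATE"
               and basename(e["path"]).lower() in DROPPED_COMPONENTS]
    renames = [e for e in events
               if e["event"] == "FILE_RENAME"
               and e["path"].lower().endswith(RANSOM_EXTENSION)]

    # Burst: at least `burst_threshold` .shadowroot renames by one process
    # inside a sliding window of `window_seconds`.
    by_proc = defaultdict(list)
    for e in renames:
        by_proc[e["process"]].append(e["ts"])
    burst = []
    for proc, times in by_proc.items():
        times.sort()
        for i in range(len(times)):
            j = i + burst_threshold - 1
            if j < len(times) and (times[j] - times[i]).total_seconds() <= window_seconds:
                burst.append(proc)
                break
    return {"dropped_components": dropped,
            "shadowroot_renames": [e["path"] for e in renames],
            "burst_processes": burst}


def is_suspicious_sender(address):
    """Flag a sender whose domain ends in .ru, matching the phishing wave described."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return domain.endswith(SENDER_TLD)


if __name__ == "__main__":
    findings = find_shadowroot_indicators(parse_events(SAMPLE_EVENTS))
    for key, value in findings.items():
        print(f"{key}: {value}")
    for addr in ("billing@example.ru", "hr@example.com"):
        print(addr, "->", "suspicious" if is_suspicious_sender(addr) else "ok")
```

The sender check is deliberately a coarse mail-gateway rule; on its own it would generate false positives for any organisation that legitimately corresponds with Russian domains, so in practice it should raise the score of a message rather than block it outright, while the rename burst is a much higher-confidence signal and is the one worth an automatic isolation response.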

Source: GBHackers
