Hundreds of thousands of emails are hitting inboxes carrying uniquely weaponized PDFs.
Well-established criminal group TA505 has launched a widespread spam campaign designed to infect victims with the FlawedAmmyy RAT. What makes the campaign notable is that it makes use of a brand-new technique: weaponizing PDF files by embedding malicious .SettingContent-ms files inside.
Alert users to be wary of PDF attachments from senders they don't know, and consider showing them what the warning prompt triggered in these cases looks like. Advise them on what to do if they see it. In addition (or alternatively), consider adjusting Windows settings or using a Group Policy Object (GPO) to force .SettingContent-ms files to always open in Notepad (the same approach some admins take with .js files).
You can also create your own .SettingContent-ms file embedded inside a PDF to test your current security on Windows 10 machines (details below).
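For triage of inbound attachments, one way to flag PDFs whose file-specification names end in .SettingContent-ms is sketched below. This is an added example, not code from the original article: the function names and sample bytes are constructed for illustration, and it assumes unencrypted PDFs whose names are stored as plain, hex or UTF-16BE strings, either directly or inside Flate-compressed streams.

```python
import re
import zlib

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.S)
LITERAL_RE = re.compile(rb"\(((?:\\.|[^\\()])*)\)", re.S)  # (name)
HEX_RE = re.compile(rb"<([0-9A-Fa-f\s]+)>")                # <6E616D65>

def decode_pdf_string(raw):
    """PDF text strings are UTF-16BE when they start with a BOM, else one byte per char."""
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be", "replace")
    return raw.decode("latin-1")

def pdf_strings(buf):
    """Yield every literal and hex string in buf (octal escapes are not expanded)."""
    for m in LITERAL_RE.finditer(buf):
        yield decode_pdf_string(m.group(1))
    for m in HEX_RE.finditer(buf):
        digits = re.sub(rb"\s", b"", m.group(1))
        digits += b"0" * (len(digits) % 2)  # an odd final hex digit is padded with 0
        yield decode_pdf_string(bytes.fromhex(digits.decode("ascii")))

def inflated_streams(data):
    """Yield the contents of Flate-compressed streams; skip streams that do not inflate."""
    for m in STREAM_RE.finditer(data):
        try:
            out = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue
        yield out

def find_settingcontent_names(data):
    """Return the sorted string values in the PDF bytes that end in .SettingContent-ms."""
    hits = set()
    for buf in [data, *inflated_streams(data)]:
        for s in pdf_strings(buf):
            if s.strip().lower().endswith(".settingcontent-ms"):
                hits.add(s.strip())
    return sorted(hits)

# Constructed samples (not taken from the campaign): only the name entries matter here.
SAMPLE_PLAIN = b"1 0 obj\n<< /Type /Filespec /F (invoice.SettingContent-ms) >>\nendobj\n"
UTF16_NAME = ("\ufeff" + "doc.SettingContent-ms").encode("utf-16-be").hex().encode()
SAMPLE_COMPRESSED = (b"3 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
                     + zlib.compress(b"<< /Type /Filespec /UF <" + UTF16_NAME + b"> >>")
                     + b"\nendstream\nendobj\n")
SAMPLE_BENIGN = b"1 0 obj\n<< /Type /Filespec /F (report.pdf) >>\nendobj\n"

if __name__ == "__main__":
    for label, pdf in [("plain", SAMPLE_PLAIN), ("compressed", SAMPLE_COMPRESSED), ("benign", SAMPLE_BENIGN)]:
        print(label, find_settingcontent_names(pdf))
```

A clean result from this check does not clear a file: names hidden by encryption, octal escapes or other stream filters are not decoded, so treat it as one signal alongside the file-association control described above.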