However, the file actually contained malware which accessed all user data from browsers, such as locally saved passwords, cookies, and browser preferences. When the file presumably didn't open, the employee went on with the rest of their day.
#SESSION HIJACKING ATTACK PDF#
Because the team member thought the email was legitimate, they extracted the contents and launched what appeared to be a PDF containing the terms of the deal. The email reportedly came from a legitimate-looking source and didn't have obvious red flags like grammatical errors. This is exactly what happened in the incident that affected Sebastian's company, as one of his team members downloaded what appeared to be a sponsorship offer from a potential partner.
As soon as the malware activates, it then steals session cookies, allowing cybercriminals to access the victim's account without the need to enter login credentials. These emails typically contain a malicious attachment that appears to be a PDF but in reality is an executable file capable of introducing malware to the victim's system. How does a threat actor gain access to a session cookie, you ask? They start by sending the victim a phishing email that pretends to be something important (e.g., a message from a close friend or a business invoice).
0 kommentar(er)
