ScoringMathTea remote access trojan delivered by trojanized PDF reader
Malware Activity
Summary
The ScoringMathTea remote access trojan was delivered through a trojanized open source PDF reader, giving attackers full control of infected systems. The malware was used in March 2025 Operation Dream Job attacks and expanded the impact of the intrusion campaign by turning decoy-job documents into a remote-access foothold.
Related Happenings
UDPGangster backdoor deployed by MuddyWater
Malware Activity
First: 08.12.2025 08:46
Last: 08.12.2025 08:46
Sources 1
About this happening:
The **MuddyWater** group has deployed **UDPGangster**, a new backdoor that uses **UDP C2** to control compromised systems and expand post-compromise access. The malware can **exec...
InedibleOchotense ESET-impersonation phishing campaign with trojanized installers
Campaign
First: 06.11.2025 17:31
Last: 06.11.2025 17:31
Sources 1
About this happening:
A **Russia-aligned** campaign by **InedibleOchotense** sent **ESET-branded spear-phishing** lures to **multiple Ukrainian entities**, creating a malware-delivery risk. The operati...
Sandworm data-wiping malware activity against Ukrainian sectors in June and September 2025
Malware Activity
First: 06.11.2025 12:01
Last: 06.11.2025 12:01
Sources 1
About this happening:
**Sandworm (APT44)** deployed **multiple data-wiping malware variants** against **Ukrainian** entities in **June and September 2025**, extending destructive sabotage across vital...
Timeline
- 24.10.2025 16:24 · 1 article
ScoringMathTea remote access trojan delivered by trojanized PDF reader
Initial Disclosure
In the initial phase, a **decoy job document** was paired with a **trojanized open source PDF reader** that installed **ScoringMathTea**. That setup converted the lure into a malware delivery path and established remote access on infected systems.
Sources:
- North Korean Hackers Aim at European Drone Companies — www.securityweek.com — 24.10.2025 16:24