PDFSider malware deployed for stealthy Windows backdoor access
Malware Activity
Summary
Hide ▲
Show ▼
The PDFSider malware is being used to deliver payloads on Windows systems, giving attackers a stealthy backdoor for long-term covert access and raising the risk of ransomware follow-on activity.
Related Happenings
Microsoft Defender BlueHammer (CVE-2026-33825) ransomware exploitation wave
Exploitation Wave
H score41
First: 30.06.2026 11:53
Last: 30.06.2026 11:53
Sources 1
About this happening:
CISA has flagged **BlueHammer (CVE-2026-33825)** as exploited in **ransomware campaigns**, expanding the risk to **Windows devices** exposed to privilege escalation. The flaw in *...
Microsoft Defender BlueHammer (CVE-2026-33825) ransomware exploitation wave
Exploitation WaveAbout this happening: CISA has flagged **BlueHammer (CVE-2026-33825)** as exploited in **ransomware campaigns**, expanding the risk to **Windows devices** exposed to privilege escalation. The flaw in *...
INC ransomware encryptors rewritten in Rust
Malware Activity
H score38
First: 18.06.2026 17:12
Last: 18.06.2026 17:12
Sources 1
About this happening:
INC's **Windows** and **Linux/ESXi encryptors** were rewritten in **Rust**, improving cross-platform development and making reverse engineering harder. The malware line also gaine...
INC ransomware encryptors rewritten in Rust
Malware ActivityAbout this happening: INC's **Windows** and **Linux/ESXi encryptors** were rewritten in **Rust**, improving cross-platform development and making reverse engineering harder. The malware line also gaine...
Major U.S. services company hit by ransomware attack linked to DragonForce
Incident
H score38
First: 16.06.2026 13:18
Last: 16.06.2026 13:18
Sources 1
About this happening:
A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...
Major U.S. services company hit by ransomware attack linked to DragonForce
IncidentAbout this happening: A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...
AI-built ransomware toolkit with AD discovery and EDR evasion
Malware Activity
H score36
First: 02.06.2026 23:01
Last: 02.06.2026 23:01
Sources 1
About this happening:
A **customer-detected** AI-built ransomware toolkit is automating **Active Directory discovery** and **EDR evasion**, increasing the chance that payloads slip past security contro...
AI-built ransomware toolkit with AD discovery and EDR evasion
Malware ActivityAbout this happening: A **customer-detected** AI-built ransomware toolkit is automating **Active Directory discovery** and **EDR evasion**, increasing the chance that payloads slip past security contro...
Sefirah infostealer delivered through a malicious Hugging Face repository
Malware Activity
H score16
First: 09.05.2026 17:26
Last: 09.05.2026 17:26
Sources 1
About this happening:
A malicious **Hugging Face** repository impersonated **OpenAI’s Privacy Filter** and delivered **sefirah**, a **Rust-based infostealer**, to **Windows** users, creating credential...
Sefirah infostealer delivered through a malicious Hugging Face repository
Malware ActivityAbout this happening: A malicious **Hugging Face** repository impersonated **OpenAI’s Privacy Filter** and delivered **sefirah**, a **Rust-based infostealer**, to **Windows** users, creating credential...
Timeline
-
19.01.2026 23:00 2 articles · 5mo ago
PDFSider deployment against a Fortune 100 finance company
Initial DisclosureRansomware attackers targeting a Fortune 100 finance company used PDFSider, a new Windows backdoor, to deliver malicious payloads through spearphishing ZIP archives and DLL side-loading via a signed PDF24 Creator executable from Miron Geek Software GmbH. Resecurity found the malware during incident response, described it as a stealthy long-term backdoor with APT-like characteristics, and said it had been seen in Qilin ransomware activity. The malware loads into memory, uses anonymous pipes and CMD, collects system information, exfiltrates data over DNS, and protects command-and-control traffic with Botan 3.0.0 and AES-256-GCM while trying to evade analysis with RAM-size checks and debugger detection.
Show sources
- New PDFSider Windows malware deployed on Fortune 100 firm's network — www.bleepingcomputer.com — 19.01.2026 23:00
- New PDFSider Windows malware deployed on Fortune 100 firm's network — www.bleepingcomputer.com — 19.01.2026 23:00