PDFSider malware deployed for stealthy Windows backdoor access
Malware Activity
Summary
The PDFSider malware is being used to deliver payloads on Windows systems, giving attackers a stealthy backdoor for long-term covert access and raising the risk of ransomware follow-on activity.
Related Happenings
Sefirah infostealer delivered through a malicious Hugging Face repository
Malware Activity
First: 09.05.2026 17:26
Last: 09.05.2026 17:26
Sources 1
About this happening:
A malicious **Hugging Face** repository impersonated **OpenAI’s Privacy Filter** and delivered **sefirah**, a **Rust-based infostealer**, to **Windows** users, creating credential...
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware Activity
First: 08.05.2026 21:12
Last: 08.05.2026 21:12
Sources 1
About this happening:
**TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
Lumma Stealer infection of a Context.ai employee
Malware Activity
First: 23.04.2026 11:40
Last: 23.04.2026 11:40
Sources 1
About this happening:
A **Context.ai** employee was infected with **Lumma Stealer** in **February 2026**, giving attackers a likely foothold that may have seeded the wider compromise chain affecting **...
Adobe Reader zero-day exploited via malicious PDFs security flaw
Vulnerability
First: 09.04.2026 12:22
Last: 09.04.2026 12:22
Sources 1
About this happening:
**Adobe Reader** is facing an **actively exploited zero-day** delivered through **malicious PDF documents** and observed since at least **December**. The flaw works on the **lates...
Latest development: 13.04.2026 18:37
Adobe released an emergency security update for Acrobat Reader to fix CVE-2026-34621 after zero-day exploitation in malicious PDF files. The bulletin says Acrobat DC versions 26.001.21367 and earlier, Acrobat Reader DC versions 26.001.21367 and earlier, and Acrobat 2024 versions 24.001.30356 and earlier are affected, and Adobe recommends updating through Help > Check for Updates or the official installer.
Google Drive ransomware detection reaches general availability and turns on by default
Security Tool/Service
First: 01.04.2026 09:35
Last: 01.04.2026 09:35
Sources 1
About this happening:
**Google Drive**'s **AI-powered ransomware detection** has reached **general availability** and is now **enabled by default** for paying users, expanding automatic protection for...
Google Drive ransomware detection reaches general availability and turns on by default
Security Tool/ServiceAbout this happening: **Google Drive**'s **AI-powered ransomware detection** has reached **general availability** and is now **enabled by default** for paying users, expanding automatic protection for...
Timeline
19.01.2026 23:00 · 2 articles
PDFSider deployment against a Fortune 100 finance company
Initial Disclosure
Ransomware attackers targeting a Fortune 100 finance company used PDFSider, a new Windows backdoor, to deliver malicious payloads. The malware arrived through spearphishing ZIP archives and was loaded by DLL side-loading, abusing a signed PDF24 Creator executable from Miron Geek Software GmbH as the host process so that the malicious DLL runs under a legitimately signed binary. Resecurity found the malware during incident response, described it as a stealthy long-term backdoor with APT-like characteristics, and said it had been seen in Qilin ransomware activity. The backdoor loads into memory, executes commands through anonymous pipes and cmd.exe, collects system information, exfiltrates data over DNS, and protects its command-and-control traffic with Botan 3.0.0 and AES-256-GCM, while trying to evade analysis with RAM-size checks and debugger detection.
- New PDFSider Windows malware deployed on Fortune 100 firm's network — www.bleepingcomputer.com — 19.01.2026 23:00
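The DNS exfiltration channel described in the timeline entry is one of the few PDFSider behaviours a defender can hunt for without an endpoint agent: encoded data leaves as many unique, long, high-entropy subdomains under one base domain from one client. The script below is an added example written for this page, not code from Resecurity, BleepingComputer or the PDFSider authors. The log format ("timestamp client qtype qname"), the sample log lines, the domain names, the thresholds and every function name are constructed assumptions; nothing here is an indicator from the actual incident.

```python
import math
import re
from collections import defaultdict

# Constructed sample resolver log (hypothetical "timestamp client qtype qname" format).
# These lines are made up for this example and are NOT from the PDFSider incident.
SAMPLE_DNS_LOG = """\
2026-01-19T22:58:01Z 10.20.3.41 A www.bleepingcomputer.com
2026-01-19T22:58:02Z 10.20.3.41 A login.microsoftonline.com
2026-01-19T22:58:03Z 10.20.3.41 TXT 6a7b8c9d0e1f2a3b4c5d6e7f8091a2b3.c4d5e6f7a8b9.t.example-cdn.net
2026-01-19T22:58:04Z 10.20.3.41 TXT 3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f.9a0b1c2d3e4f.t.example-cdn.net
2026-01-19T22:58:05Z 10.20.3.41 TXT f1e2d3c4b5a69788796a5b4c3d2e1f00.1122aabbccdd.t.example-cdn.net
2026-01-19T22:58:06Z 10.20.3.41 TXT 0f1e2d3c4b5a6978879a6b5c4d3e2f1a.ddccbbaa2211.t.example-cdn.net
2026-01-19T22:58:07Z 10.20.3.41 TXT 9f8e7d6c5b4a39281706f5e4d3c2b1a0.5566eeff7788.t.example-cdn.net
2026-01-19T22:58:08Z 10.20.3.41 TXT a1b2c3d4e5f60718293a4b5c6d7e8f90.8877ffee6655.t.example-cdn.net
2026-01-19T22:58:09Z 10.20.3.77 A mail.google.com
2026-01-19T22:58:10Z 10.20.3.77 A static.example-cdn.net
2026-01-19T22:58:11Z 10.20.3.77 A img.example-cdn.net
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, qtype, qname = m.groups()
    return {"ts": ts, "client": client, "qtype": qtype.upper(),
            "qname": qname.rstrip(".").lower()}


def split_qname(qname, base_labels=2):
    """Split a query name into (subdomain part, base domain).

    Assumes the base domain is the last two labels. That is naive for suffixes
    such as co.uk; a production version would use the public suffix list.
    """
    labels = qname.split(".")
    if len(labels) <= base_labels:
        return "", qname
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_dns_exfil(log_text, min_unique=5, min_mean_len=24, min_entropy=3.0):
    """Group queries by (client, base domain) and flag groups that look like an exfil channel.

    A group is flagged when it has at least min_unique distinct subdomains whose
    label characters are, on average, at least min_mean_len long and at least
    min_entropy bits/char. Thresholds are illustrative assumptions, not tuned values.
    """
    subs_by_group = defaultdict(set)
    qtypes_by_group = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        sub, base = split_qname(rec["qname"])
        if not sub:
            continue  # bare base domain carries no encoded data
        subs_by_group[(rec["client"], base)].add(sub)
        qtypes_by_group[(rec["client"], base)].add(rec["qtype"])

    alerts = []
    for (client, base), subs in subs_by_group.items():
        # Dots are label separators, not payload, so drop them before measuring.
        payloads = [s.replace(".", "") for s in subs]
        mean_len = sum(len(p) for p in payloads) / len(payloads)
        mean_entropy = sum(shannon_entropy(p) for p in payloads) / len(payloads)
        if len(subs) >= min_unique and mean_len >= min_mean_len and mean_entropy >= min_entropy:
            alerts.append({
                "client": client,
                "base_domain": base,
                "unique_subdomains": len(subs),
                "mean_payload_len": round(mean_len, 1),
                "mean_entropy": round(mean_entropy, 2),
                "qtypes": sorted(qtypes_by_group[(client, base)]),
            })
    return sorted(alerts, key=lambda a: (-a["unique_subdomains"], a["client"]))


if __name__ == "__main__":
    for alert in find_dns_exfil(SAMPLE_DNS_LOG):
        print(alert)
```

Run as-is it reports the single client that issued six distinct long hex-looking TXT queries under example-cdn.net, and stays quiet for the host that only resolved two ordinary CDN hostnames under the same base domain. The per-(client, base domain) grouping matters: counting unusual names per client alone would also fire on busy content-delivery or telemetry domains, while grouping by base domain isolates the one zone the attacker controls. Treat the thresholds as a starting point and tune them against a baseline of your own resolver logs before alerting on them.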