Hackers Exploiting PDF24 App to Deploy Stealthy PDFSIDER Backdoor

Resecurity has identified PDFSIDER malware that exploits the legitimate PDF24 App to covertly steal data and allow remote access. Learn how this APT-level campaign targets corporate networks through spear-phishing and encrypted communications.

A new cybersecurity threat has been discovered that exploits a common office tool to create a backdoor. The malware, known as PDFSIDER, was recently identified by the research firm Resecurity after a Fortune 100 corporation successfully blocked an attempt to break into its network.

This investigation, which was shared with Hackread.com, reveals a highly organised campaign designed to evade modern security systems.

How Legitimate Software is Being Manipulated

The attack starts with spear-phishing emails that are highly targeted messages that trick victims into downloading a ZIP file. Inside it is a legitimate program called PDF24 App, created by Miron Geek Software GmbH. While the app itself is a real tool for managing documents, the hackers exploit its ...