How Does This New Scam Work?

In earnest, this scam should be pretty easy to spot, but we’re going to walk you through it just so you don’t fall victim to it on accident.

It starts with a web search. Because the PDFs are chock full of SEO keywords, these malicious links could be within the first page of Google of virtually any topic — from “insurance forms” to “math answers” — giving the appearance of a reputable resource.

Once you’ve clicked that link, the madness begins. You’ll be redirected to between five and seven different Google Sites until you eventually land on “an attacker-controlled site, which imitates Google Drive.” At that point, you’ll be asked to download a file, which will have the malware on it.

Once you’ve done that, you’re in trouble. The malware will scrub your device for personal information, passwords, credit card numbers, and anything else that might be valuable to a hacker.

Read more…