Cybersecurity researchers have uncovered a new, highly stealthy Windows malware strain dubbed PDFSider that was used in a targeted attempt against a Fortune 100 financial firm.
Unlike commodity ransomware that loudly encrypts files, PDFSider behaves more like an advanced persistent threat (APT) by:
- Exploiting trusted software to hide its payload
- Embedding itself mainly in memory to avoid detection
- Using encrypted command-and-control channels to receive instructions
- Leveraging DLL side-loading — tricking Windows into loading malicious code through a legitimate application
- Tricking employees with sophisticated social engineering into installing remote support tools that open the network door to attackers
Because it blends in with legitimate activity and uses encrypted backdoors, PDFSider doesn’t look like a typical “virus” to your antivirus or endpoint detection systems, making it dangerously effective for long-term access and espionage-style attacks. Check out our managed services to see how we help protect our clients.
How the Attack Worked
Cybercriminals didn’t just knock on the network; they socially engineered employees into helping them. The attack chain included:
- Spear-phishing emails targeting specific individuals
- A ZIP file containing a trusted PDF application (signed and benign) plus a malicious DLL
- When launched, the legitimate app loaded the malicious DLL sitting beside it, without any exploit of the app itself
- Once active, the malware opened a covert remote shell with encrypted communications
- Attackers could then survey systems, move laterally, and prepare follow-on actions with minimal visibility
This approach, combining phishing with covert execution, is a growing trend among sophisticated threat actors because it evades traditional defenses.
What This Means for Your Business
If a Fortune 100 company with enterprise defenses can be targeted by advanced malware, your business is also at risk, especially if:
- You rely on remote support tools or unmanaged software installs
- You lack well-configured email filtering and multi-factor authentication
- You don’t actively monitor for anomalous remote access or abnormal DNS traffic
- You haven’t trained users on evolving phishing threats
Modern malware doesn’t crash your files; it hides, waits, and blends in with normal operations. That’s why detection and response must evolve too.
How SofTouch Systems Helps Prevent & Recover from Attacks Like PDFSider
At STS, we approach cybersecurity from three strategic pillars: Prevent, Detect, Recover.
1. Prevent: Harden Your Environment
We help you:
- Design and implement robust endpoint protections that go beyond signature-based antivirus
- Configure secure remote access and block unauthorized use of tools like Quick Assist
- Deploy secure email gateways and phishing defenses that catch malicious ZIPs and spear-phish attempts
- Enforce strong password policies and multi-factor authentication
Why it matters: PDFSider infections begin with tricking users and exploiting trusted apps; reducing the opportunities for these attacks is step one.
2. Detect: See What Others Miss
STS offers continuous monitoring tools and threat hunting services that:
- Detect telltale signs of DLL side-loading and in-memory malware
- Correlate system events with suspicious network traffic (like encrypted DNS activity)
- Alert your team in real time when anomalous remote sessions start
Why it matters: Threats like PDFSider avoid disk artifacts and may bypass AV; real detection requires smarter monitoring than legacy tools.
3. Recover: Minimize Damage If You’re Hit
We support strong recovery protocols including:
- Incident response planning and tabletop exercises
- Rapid remediation, forensic analysis, and threat eradication
- Backup integrity checks and restoration services
- Post-breach hardening to ensure the same attack doesn’t happen again
Why it matters: Ransomware and backdoor malware can lie dormant before unleashing damage; having a practiced response plan saves time and money.
In a World of Stealthy Malware, Visibility Is Your Best Defense
PDFSider exemplifies how threat actors are shifting away from noisy, loud attacks toward stealth, persistence, and deception. Simple antivirus and reactive defenses aren’t enough.
With STS as your cybersecurity partner, you gain:
- Smart detection tuned to real threats
- Defense-in-depth protections for endpoints and networks
- Practical user-focused training and resilient recovery plans
If your business hasn’t done a deep security assessment in the last 12 months, or you’re unsure where your biggest risks lie, let’s talk about a tailored cybersecurity strategy.
Know What’s Running on Your Network Before Attackers Do
Advanced malware like PDFSider doesn’t announce itself. It hides, blends in, and waits. If you’re unsure whether your current tools would even detect an attack like this, it’s time for a closer look.
Schedule a Free Security Risk Review with SofTouch Systems and find out:
- What your antivirus can’t see
- Where attackers would likely gain persistence
- How fast you could realistically recover
No pressure. No scare tactics. Just clear answers.