Attackers Up Their Game with Ultra-Realistic PDF Invoice Lures, HP Finds

HP Wolf Security Research Reveals Attackers Combining Living-Off-The-Land Techniques to Exploit Detection Blind Spots

HP Inc. (NYSE: HPQ) today released its latest Threat Insights Report, revealing how traditional living-off-the-land and phishing techniques are evolving to evade conventional security detection methods.

Living-off-the-land (LOTL) techniques, in which attackers leverage built-in system tools and features, have long been favored by cybercriminals. However, HP Threat Researchers warn that increasingly complex campaigns involving multiple, often rare, legitimate binaries make it even more difficult to differentiate malicious activity from normal system behavior.

Drawing on data from millions of endpoints protected by HP Wolf Security, the report analyzes real-world attacks to help organizations stay ahead of emerging threats in an ever-changing cybercrime landscape.

Key campaigns identified include:

Ultra-Realistic Fake Adobe Reader Invoice Lures: Attackers embedded a reverse shell script, allowing remote control of victims' devices, within a small SVG image disguised as a highly convincing Adobe Acrobat Reader invoice. The fake file included a loading bar animation simulating an upload in progress, increasing the likelihood victims would open it and trigger infection. The attack was geo-restricted to German-speaking regions, limiting exposure and hampering automated detection.

Malware Hidden in Pixel Image Files: Cybercriminals used Microsoft Compiled HTML Help (CHM) files, disguised as project documents, to deliver malicious code concealed within image pixels. The documents carried an XWorm payload, extracted during a multi-stage infection chain that relied on several LOTL techniques. PowerShell commands ran a CMD script that erased evidence after execution, complicating forensic analysis.

Resurgence of Lumma Stealer via IMG Archives: Lumma Stealer remained one of the most active malware families in Q2 2025. Distributed through IMG archive attachments and employing LOTL methods to bypass filters and abuse trusted software, the malware persisted despite a May 2025 law enforcement crackdown. Attackers continue registering new domains and expanding infrastructure.
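The SVG invoice lure described above works because SVG is an XML document that browsers will execute scripts from, not a passive bitmap. The following Python triage check is an added example, not code from HP or from the report, and not the campaign's file: it flags the generic hooks an SVG needs to run code when rendered (inline <script>, on* event handlers, javascript:/data: links, <foreignObject>). The two sample SVGs inside it are constructed for the demo; the "loading bar" one mimics the shape of such a lure with a harmless placeholder in place of any payload.

```python
"""Triage check for script-bearing SVG attachments.

Added example, not code from HP or from the Threat Insights Report. It
flags the generic features an attacker needs to execute code from an
"image": an inline <script>, on* event-handler attributes, javascript:
or data: links, and <foreignObject> (which can embed arbitrary HTML).
The sample SVGs below are constructed for this demo.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: an animated "upload in progress" bar that also carries
# an onload handler, an active link and an inline script (placeholder body).
SUSPICIOUS_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="400" height="60" onload="init()">
  <rect x="10" y="20" width="0" height="20" fill="#1473e6">
    <animate attributeName="width" from="0" to="380" dur="3s" fill="freeze"/>
  </rect>
  <a xlink:href="javascript:void(0)"><text x="20" y="55">Uploading...</text></a>
  <script type="text/javascript"><![CDATA[
    function init() { /* placeholder: a real lure would stage its payload here */ }
  ]]></script>
</svg>"""

# Constructed benign sample: pure vector art with no scripting hooks.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <circle cx="50" cy="50" r="40" fill="red"/>
</svg>"""


def _local(tag):
    """Strip the XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return tag.rsplit("}", 1)[-1]


def svg_script_indicators(data: bytes) -> list:
    """Return (indicator, detail) tuples for scripting hooks found in an SVG.

    An empty list means none of the checked hooks are present; it does not
    prove the file is safe (external <use>/<image> references and CSS-based
    tricks are not covered here).
    """
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # An "image" that is not even well-formed XML deserves a look on its own.
        return [("parse_error", str(exc))]

    for elem in root.iter():  # document order, root included
        name = _local(elem.tag)
        if name == "script":
            findings.append(("script_element", (elem.text or "").strip()[:60]))
        if name == "foreignObject":
            # Lets arbitrary HTML (including <iframe>/<embed>) ride inside the SVG.
            findings.append(("foreign_object", name))
        for attr, value in elem.attrib.items():
            aname = _local(attr).lower()
            if aname.startswith("on"):
                # onload, onclick, onerror, ... run JavaScript when rendered in a browser.
                findings.append(("event_handler", f"{aname}={value}"))
            if aname == "href" and re.match(r"\s*(javascript|data):", value, re.I):
                findings.append(("active_href", value))
    return findings


def is_suspicious(data: bytes) -> bool:
    """True if any scripting hook was found (or the file failed to parse)."""
    return bool(svg_script_indicators(data))


if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS_SVG), ("benign", BENIGN_SVG)):
        print(label, svg_script_indicators(blob))
```

Run against mail-gateway attachment captures, a hit on any indicator is a reason to detonate the file in isolation rather than treat it as an image; the absence of hits is not a clean bill, since the check is deliberately narrow.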

Alex Holland, Principal Threat Researcher at HP Security Lab, states: "Attackers aren't reinventing the wheel, but they're refining their approach. Living-off-the-land tactics, reverse shells, and phishing have been around for years, but today's cybercriminals chain these methods together and exploit less obvious file types, like images, to slip past defenses. A simple, lightweight script can achieve what a bulky RAT once did, quickly and quietly, often undetected.

"These findings demonstrate the creativity and adaptability of modern threat actors. By embedding malicious code in images, abusing trusted system tools, and tailoring attacks to specific regions, attackers make it increasingly challenging for traditional security tools to detect threats."

HP Wolf Security, by isolating threats missed by detection tools and detonating them safely within secure containers, provides unparalleled insight into evolving cyberattack techniques. To date, HP Wolf Security users have interacted with over 55 billion email attachments, web pages, and downloaded files without reported breaches.

The report, covering data from April to June 2025, reveals ongoing diversification of attack vectors used to bypass detection-based security solutions:

Over 13% of email threats identified by HP Sure Click evaded one or more email gateway scanners.

Archive files were the most common delivery method (40%), followed by executables and scripts (35%).

Attackers continue exploiting trusted archive formats like .rar files (26%) to evade suspicion.

Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc., comments: "Living-off-the-land techniques pose a unique challenge for security teams. It's a constant balancing act between blocking potentially harmful activity and avoiding disruption for legitimate users. Detection alone won't catch everything, so a layered defense strategy including containment and isolation is critical to stopping attacks before damage occurs."
