Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

ForEx Stat Arb Malware disguised as PDF steals user data

Statistical arbitrage (abbreviated as Stat Arb or StatArb) as opposed to (deterministic) arbitrage, is associated with the statistical mispricing of one or more assets based on the expected value of these assets. (So now you know…).

The attachment in the high-priority email below claims to be a plan for foreign exchange stat arb.

Once extracted, the attachment file named “Plan-2011-July.zip” reveals an executable file which pretends to be a PDF file (it presents a PDF icon). Disguising a file as a PDF is a common malware trick nowadays: users should be wary and should look at the complete file extension.
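As an added example (not code from the original post or from Cyren), the Python check below opens a ZIP attachment the way a mail-gateway triage step might and flags members that are executables by extension or by content, regardless of the icon they display. The member names and bytes in the sample archive are constructed; the post gives only the archive name.

```python
import io
import os
import zipfile

# Extensions Windows runs directly on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Extensions a recipient expects to be a passive document.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def inspect_zip(data):
    """Return [(member_name, [reasons])] for suspicious members of a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces in file names.
            stem, ext = os.path.splitext(info.filename.rstrip(" ."))
            ext, inner_ext = ext.lower(), os.path.splitext(stem)[1].lower()
            with zf.open(info) as fh:
                magic = fh.read(5)
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension " + ext)
                if inner_ext in DOCUMENT_EXTS:  # e.g. report.pdf.exe
                    reasons.append("double extension " + inner_ext + ext)
            elif magic[:2] == b"MZ":  # DOS/PE header behind a harmless name
                reasons.append("PE content behind extension " + (ext or "(none)"))
            if ext == ".pdf" and magic != b"%PDF-":
                reasons.append("named .pdf but content is not a PDF")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed sample archive; member names and bytes are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Plan-2011-July.exe", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("summary.pdf.scr", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("notes.pdf", b"%PDF-1.4\n% constructed\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in inspect_zip(build_sample_zip()):
        print(member, "->", "; ".join(why))
```

Some valid PDFs carry a few bytes before the %PDF- header, so treat the last check as a hint for review rather than a verdict.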

When the file is executed, it will show a non-malicious PDF file in a fake PDF reader window. The PDF file itself is downloaded from “http://www.people.[REMOVED].edu/~schernen/papers/convertibles.pdf”.

The malware then does the following:

  • Captures all keystrokes and activities as users browse the internet
  • Saves the stolen information in the file “%My Documents%\Microsoft Updates\updates2.txt”
  • Sends the keylogger file via e-mail to “wade[REMOVED][email protected]”.
  • Creates a copy of itself as “%My Documents%\Microsoft Updates\Microsoft-updates.exe”
  • Creates this autorun Registry entry for automatic execution at startup: “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”, “Microsoft Updates” = “%My Documents%\Microsoft Updates\Microsoft-updates.exe”.

Command Antivirus detects this malware as W32/Trojan3.CPW.

On the subject of PDF malware, we should point out that Adobe has released security updates for Adobe Reader and Acrobat that address 13 vulnerabilities. See info here.
