Hackers have begun stealing data from Russian companies using phishing files with a "technical specification." This was reported by journalists, citing Angara Security.
The attacks begin with sending emails to employees, where the subject and content are disguised as edits to the technical specifications. The malicious file, hidden in an encrypted archive, looks like a PDF document, but in reality, it is an executable file "Technical Specification No. 119843-28 Incoming N_3435.scr."
When opened, data on the workstation is compromised. A virus is downloaded that sends stolen data via email, as well as a remote access service program. This allows attackers to gain permanent access to data, collecting passwords and other information.
Experts note that all used files are deleted immediately after completing their tasks. It is assumed that attackers can collect information from the desktop version of the Telegram messenger.