Hackers have begun stealing data from Russian companies using phishing files with "technical specifications." This was reported by journalists, citing Angara Security.
The attacks begin with sending emails to employees, where the subject and content are disguised as edits to the technical specifications. The malicious file, hidden in an encrypted archive, looks like a PDF document, but in reality, it is an executable file "Technical Specification No. 119843-28 Ref. N_3435.scr."
When opened, data on the working device is compromised. A virus is downloaded, which sends stolen data via email, and a remote access service program. This is how attackers gain permanent access to data, collecting passwords and other information.
Experts note that all used files are deleted immediately after completing their tasks. It is assumed that attackers can collect information from the desktop version of the Telegram messenger.