The PDF That Isn’t a PDF

A 'PDF' Just Handed Over Your PC Keys

We all know the drill: an email arrives with an 'Invoice' or 'Purchase Order' attached as a PDF. You click it without thinking. But a new, sophisticated phishing campaign dubbed DEAD#VAX is turning that muscle memory against us.

Cybercriminals are now disguising Virtual Hard Disks (VHDs) as ordinary PDF files. If you open the wrong one, you won't see a document at all - instead, Windows quietly mounts a hidden drive that installs a backdoor Trojan called AsyncRAT.

Why this is different (and dangerous)

Unlike older viruses that 'break' into your computer, this method uses legitimate Windows features to slip past the gates:

  • The malware doesn’t live as a file on your desktop. It hides inside trusted Microsoft processes (like OneDrive or RuntimeBroker), making it incredibly hard for traditional antivirus software to spot.

  • Once inside, attackers gain hands-on-keyboard access. They can watch your screen, steal saved passwords, and even access your webcam.

  • The emails often impersonate real companies and use decentralised hosting (IPFS) to make the malicious links harder for security systems to take down.

How to protect your business

To stay safe, we recommend three immediate steps:

  1. Verify the source of your email - never open an unexpected attachment without verifying it through a separate channel (like a quick phone call or a fresh email thread).

  2. Unmask the attachment's file extension. Windows often hides file extensions by default, so you need to change your settings to show full file extensions. If a file is named invoice.pdf.vhd, Windows might only show you invoice.pdf.

  3. Use modern, real-time anti-malware solutions that are designed to scan for threats hiding in your computer's memory, not just on the hard drive.
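
The check in step 2 can also be automated wherever attachments are received. The Python sketch below is an added example, not code from the original article or from any vendor: it flags names that hide a disk-image extension behind a document one, and inspects the file's bytes for a VHD or VHDX signature instead of a PDF header. The function names, extension lists and sample bytes are assumptions constructed for illustration, and the VHDX check goes beyond the .vhd case the article names.

```python
import os

PDF_MAGIC = b"%PDF-"       # a real PDF carries this marker near the start
VHD_COOKIE = b"conectix"   # first 8 bytes of the 512-byte VHD footer
VHDX_MAGIC = b"vhdxfile"   # first 8 bytes of a VHDX file
DISK_EXTS = {".vhd", ".vhdx"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}  # assumed decoy list

# Constructed sample inputs (not real attachments).
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj\n<< >>\nendobj\n%%EOF\n"
SAMPLE_VHD = b"\x00" * 1024 + VHD_COOKIE + b"\x00" * 504  # footer = last 512 bytes


def is_disk_image(data: bytes) -> bool:
    """True if the bytes carry a VHD or VHDX signature."""
    if data[:8] in (VHDX_MAGIC, VHD_COOKIE):  # dynamic VHDs copy the footer to offset 0
        return True
    return data[-512:-504] == VHD_COOKIE      # fixed VHDs keep it only at the end


def triage(name: str, data: bytes) -> list:
    """Return reasons to hold an attachment for review; empty list means none."""
    findings = []
    clean = name.strip().rstrip(".").lower()
    stem, ext = os.path.splitext(clean)
    inner = os.path.splitext(stem)[1]
    if ext in DISK_EXTS:
        findings.append("disk-image extension")
    if inner in DECOY_EXTS and ext != inner:
        findings.append("double extension, shown as '%s' when extensions are hidden" % stem)
    if is_disk_image(data):
        findings.append("content is a virtual hard disk")
    if ext == ".pdf" and PDF_MAGIC not in data[:1024]:
        findings.append("named .pdf but has no PDF header")
    return findings


if __name__ == "__main__":
    for name, data in [("invoice.pdf", SAMPLE_PDF),
                       ("invoice.pdf.vhd", SAMPLE_VHD),
                       ("invoice.pdf", SAMPLE_VHD)]:
        print(name, "->", triage(name, data) or "ok")
```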

Security is about staying one step ahead. If an 'invoice' feels off, it probably is.

Read the full technical breakdown

To learn more about how the DEAD#VAX campaign works and how to spot these fake files, read the full article here.