Security experts at Bitdefender have spotted a spam wave delivering booby-trapped PUB files. These PUB files deliver a backdoor capable of stealing sensitive corporate information.

When the victim opens the PUB file, it triggers a VBScript that downloads a CAB file.

PUB file -> VBScript -> AutoIt script -> Backdoor

This CAB file contains an AutoIt script, a tool capable of running the script, and another file encrypted with the AES-256 algorithm.

This encrypted file is actually the backdoor Trojan.
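A defender can hold both file types in this chain at the mail gateway or web proxy by checking content rather than trusting the file name. The sketch below is an added example, not code from Bitdefender or from this article; the function names and sample bytes are constructed, and matching the "Quill" storage name to recognise Publisher content is a heuristic assumption.

```python
# Added example: names and sample bytes are constructed for illustration.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # OLE2 compound file header
CAB_MAGIC = b"MSCF"                                # Microsoft Cabinet header
QUILL = "Quill".encode("utf-16-le")                # Publisher storage name (heuristic)


def sniff(data: bytes) -> str:
    """Identify the container type from its leading bytes, ignoring the name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(CAB_MAGIC):
        return "cab"
    return "unknown"


def triage(filename: str, data: bytes) -> list[str]:
    """Return the reasons a gateway should hold this file (empty list = pass)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff(data)
    reasons = []
    if ext == "pub":
        reasons.append("publisher-extension")
    # A renamed Publisher document still carries its OLE2 header and storage name.
    if kind == "ole2" and QUILL in data:
        reasons.append("publisher-content")
    # A CAB served under another extension is a stronger signal than an honest one.
    if kind == "cab":
        reasons.append("cabinet-archive" if ext == "cab"
                       else "cabinet-misleading-extension")
    return reasons


# Constructed samples: headers only, not real documents or archives.
PUB_SAMPLE = OLE2_MAGIC + b"\x00" * 504 + QUILL
CAB_SAMPLE = CAB_MAGIC + b"\x00" * 32

if __name__ == "__main__":
    for name, blob in [("invoice.pub", PUB_SAMPLE), ("invoice.doc", PUB_SAMPLE),
                       ("logo.jpg", CAB_SAMPLE), ("notes.txt", b"hello")]:
        print(name, triage(name, blob))
```

Publisher attachments are rare in most organisations, so holding every hit for review usually costs little.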

What is this backdoor capable of?

  • It can act as a keystroke recorder and record passwords typed into GET forms.
  • Dump passwords from browsers and email clients.
  • Gather system information and more.


We can scan for rootkit infection with GMER and VirusTotal.


Gurubaran is a PKI Security Engineer. Certified Ethical Hacker, Penetration Tester, Security blogger, Co-Founder & Author of GBHackers On Security.

