{"id":7681,"date":"2018-07-28T02:14:27","date_gmt":"2018-07-28T02:14:27","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/"},"modified":"2018-07-28T02:14:27","modified_gmt":"2018-07-28T02:14:27","slug":"font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/","title":{"rendered":"Font of pwnage: Crims poison well with crypto-jacking code, trickles into PDF editor app"},"content":{"rendered":"<p>Crooks mounted a crypto-mining scam after hacking into a supplier of an unnamed PDF editor software vendor.<\/p>\n<p>Microsoft has reported that as-yet-unidentified hackers compromised some font packages installed by a PDF editor app. The hack was used to push two types of crypto-currency mining app, the cybercrime <em>du jour<\/em>.<\/p>\n<p>Redmond&#8217;s security response team got wind of the attack after following up alerts generated by Windows Defender ATP, the commercial version of the Windows Defender antivirus.<\/p>\n<p>Subsequent investigations revealed that miscreants broke into cloud-based infrastructure of a supplier to the app maker and others with font packages in the form of MSI files. Six additional app vendors may have been at risk of being redirected to download installation packages from the attacker&#8217;s server. None but the PDF app maker are confirmed as victims.<\/p>\n<p>It seems that the unnamed PDF package was targeted for attack as part of a money-making racket. The app vendor itself was not compromised, rather its partner was pwned before poison was poured into the software mix further upstream.<\/p>\n<p>Hackers created a copy of the partner&#8217;s cloud-based servers before pushing a tainted MSI files download, hidden among unassuming files.<\/p>\n<div class=\"CaptionedImage Border width_85\" readability=\"7\"><a href=\"https:\/\/regmedia.co.uk\/2018\/07\/27\/supply_chain_attack.jpg\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2018\/07\/27\/supply_chain_attack.jpg?x=648&amp;y=318&amp;infer_y=1\" alt=\"Anatomy of a supply chain attack [source: Microsoft blog post]\" title=\"Anatomy of a supply chain attack against PDF editor vendor\" height=\"318\" width=\"648\"\/><\/a><\/p>\n<p class=\"text_center\">Anatomy of a supply chain attack against PDF editor vendor<\/p>\n<\/div>\n<p>&#8220;The malicious MSI file was installed silently as part of a set of font packages; it was mixed in with other legitimate MSI files downloaded by the app during installation,&#8221; <a target=\"_blank\" href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/07\/26\/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks\/\">Microsoft explained<\/a>. &#8220;All the MSI files were clean and digitally signed by the same legitimate company \u2013 except for the one malicious file.<\/p>\n<p>&#8220;The attackers decompiled and modified one MSI file, an Asian fonts pack, to add the malicious payload with the coin-mining code.<\/p>\n<p>&#8220;Using an unspecified weakness (which does not appear to be MITM or DNS hijack), the attackers were able to influence the download parameters used by the [PDF editor] app. The parameters included a new download link that pointed to the attacker server.&#8221;<\/p>\n<p>Tricksy, but let&#8217;s not start thinking the caper was the work of ninja black hats.<\/p>\n<p>&#8220;This new supply chain incident did not appear to involve nation-state attackers or sophisticated adversaries but appears to be instigated by petty cybercriminals trying to profit from coin mining using hijacked computing resources,&#8221; Microsoft added.<\/p>\n<p>Asian users of the PDF editor app ended up downloading a tainted font package that bundled crypto-mining code, which hijacked resources on infected PCs to mine Monero, as per many other crypto mining scams.<\/p>\n<p>The whole exercise is a fine example of a supply chain attack, which was also used to spread the <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/06\/27\/notpetya_anniversary\/\">NotPetya ransomware<\/a> last year. The same tactic was also recently used to serve up spyware disguised as the CCleaner utility in a more subtle <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2017\/09\/21\/ccleaner_secondary_payload_targeted_top_tech_companies\/\">cyber-espionage operation<\/a>.<\/p>\n<p>In the case in point, a PDF editor app loaded with a doctored font was installed with admin privileges, which goes some way towards explaining why the app maker might have been targeted in the first place.<\/p>\n<p>Microsoft reckons the compromise lasted between January and March 2018, and affected only a small number of users, strongly suggesting a fringe developer was targeted.<\/p>\n<p>Redmond concluded: &#8220;While the impact is limited, the attack highlighted two threat trends: (1) the escalating frequency of attacks that use software supply chains as threat vector, and (2) the increasing use of cryptocurrency miners as primary means for monetising malware campaigns.&#8221; \u00ae<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1787\/-6625\/following-bottomlines-journey-to-the-hybrid-cloud?td=wptl1787\">Following Bottomline\u2019s journey to the Hybrid Cloud<\/a><\/p>\n<p>READ MORE <a href=\"http:\/\/go.theregister.com\/feed\/www.theregister.co.uk\/2018\/07\/27\/pdf_editor_supply_chain\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers clone supplier&#8217;s cloud servers to push tainted MSI files Crooks mounted a crypto-mining scam after hacking into a supplier of an unnamed PDF editor software vendor.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":7682,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-7681","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Font of pwnage: Crims poison well with crypto-jacking code, trickles into PDF editor app 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Font of pwnage: Crims poison well with crypto-jacking code, trickles into PDF editor app 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-07-28T02:14:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"648\" \/>\n\t<meta property=\"og:image:height\" content=\"318\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Font of pwnage: Crims poison well with crypto-jacking code, trickles into PDF editor app\",\"datePublished\":\"2018-07-28T02:14:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\\\/\"},\"wordCount\":576,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\\\/\",\"name\":\"Font of pwnage: Crims poison well with crypto-jacking code, trickles into PDF editor app 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app.jpg\",\"datePublished\":\"2018-07-28T02:14:27+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app.jpg\",\"width\":648,\"height\":318},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Font of pwnage: Crims poison well with crypto-jacking code, trickles into PDF editor app\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Font of pwnage: Crims poison well with crypto-jacking code, trickles into PDF editor app 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/","og_locale":"en_US","og_type":"article","og_title":"Font of pwnage: Crims poison well with crypto-jacking code, trickles into PDF editor app 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-07-28T02:14:27+00:00","og_image":[{"width":648,"height":318,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Font of pwnage: Crims poison well with crypto-jacking code, trickles into PDF editor app","datePublished":"2018-07-28T02:14:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/"},"wordCount":576,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/","url":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/","name":"Font of pwnage: Crims poison well with crypto-jacking code, trickles into PDF editor app 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app.jpg","datePublished":"2018-07-28T02:14:27+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app.jpg","width":648,"height":318},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/font-of-pwnage-crims-poison-well-with-crypto-jacking-code-trickles-into-pdf-editor-app\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Font of pwnage: Crims poison well with crypto-jacking code, trickles into PDF editor app"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/7681","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=7681"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/7681\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/7682"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=7681"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=7681"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=7681"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}