Palo Alto Networks detected massive number of phishing emails containing the Redaman banking trojan targeting emails ending with.ru domain. The Redaman malware is spreading through Russian-language spam emails containing a.pdf pretend file. Once opened, the attached.pdf file does not open directly in Adobe reader but unpack itself to a regular trojan horse, infecting the PC where it is opened. The malware is updated with the capability to detect if the system it runs is a real hardware or a virtual machine.”]
Source: https://hackercombat.com/redaman-banking-trojan-of-2015-resurrects-targets-russian-email-users/