An ongoing phishing campaign is using malicious PDF documents to spread Separ malware and steal victims' browser and email credentials. The Separ credential stealer evades detection with a simple but dangerous tactic: it uses a combination of legitimate executables and short scripts. The malware uses a File Transfer Protocol (FTP) client to upload its stolen data to a legitimate service called freehostia[.]com. The attack has affected around 200 companies and over 1,000 individuals, mainly in Southeast Asia, the Middle East and North America.
Source: https://threatpost.com/separ-malware-credentials-phishing/142009/

