Security researchers found that "9698.rar" was far more sophisticated than a standard virus. Its primary goal was to deploy a on the victim's system:
The archive often contained a legitimate but modified version of a PDF viewer or a "Secure PDF" reader.
When a user opened the application, it would use a technique called DLL sideloading to execute a malicious file (often named SecurePDF.dll or similar) hidden within the archive.
The specific payload associated with these campaigns is often a backdoor dubbed TouchMove. This allows attackers to exfiltrate system information, download and execute additional malicious payloads, and maintain long-term access to the infected network.

Why It Is "Interesting"