Cybersecurity firm Kaspersky says malware disguised as ebooks is tricking people into downloading files that steal passwords and other data. Getty Images
Cybersecurity firm Kaspersky says malware disguised as ebooks is tricking people into downloading files that steal passwords and other data. Getty Images
Cybersecurity firm Kaspersky says malware disguised as ebooks is tricking people into downloading files that steal passwords and other data. Getty Images
Cybersecurity firm Kaspersky says malware disguised as ebooks is tricking people into downloading files that steal passwords and other data. Getty Images

Future

Technology

Arabic ebooks being used to disguise malware, cybersecurity company warns

Turkish titles also being used 'as bait' by cyber criminals

Cody Combs
Cody Combs
Washington

December 12, 2025

Add as a preferred source on Google
  • Play/Pause English
  • Play/Pause Arabic
Bookmark

Cyber criminals are using a new tactic to steal data and financial assets by disguising malware in the form of popular Arabic and Turkish books available for download.

Cybersecurity and digital privacy company Kaspersky identified the malware strategy, and said criminals were using best-selling books “as bait” to steal sensitive information.

“The fake ebooks span diverse interests, including also Turkish business management texts like Tamer Kocel's Isletme Yoneticiligi, contemporary fiction and Arabic literary criticism such as The Literary and Linguistic Movement in the Sultanate of Oman,” Kaspersky said in a news release.

Kaspersky cybersecurity experts say criminals are using 'highly targeted social engineering' to install malware
Kaspersky cybersecurity experts say criminals are using 'highly targeted social engineering' to install malware

Arabic and Turkish versions of John Buchan's 1915 spy novel The Thirty-Nine Steps are also cited as among titles used to disguise malware.

The cybersecurity firm said the books for download appear to be PDFs, but in reality are malicious programmes designed to compromise private user information.

Once compromised, the malware steals browser data such as passwords, cryptocurrency wallet extension plug-ins, AWS cloud credentials and autofill information, among other things.

In some instances, Kaspersky researchers say that the malicious programmes can result in cyber criminals gaining “complete remote control over compromised machines”.

Yossef Abdelmonem, a senior security researcher at Kaspersky, described the malware as being rooted in a “highly targeted social engineering” strategy.

“What makes this campaign particularly concerning is its use of a malware-as-a-service,” he added, referring to LazyGo, a recently discovered malware tool.

“It's a structured operation designed to harvest credentials at scale.”

According to the cyber security firm, Kaspersky, this is what the malicious files ebooks disguised as PDF ebooks look like.
According to the cyber security firm, Kaspersky, this is what the malicious files ebooks disguised as PDF ebooks look like.

According to Kaspersky, the data it uses to track malware and other criminal cyber activity indicates that this strategy is affecting government agencies, educational institutions and IT services.

The cyber criminals are using the popular GitHub platform to promote the books disguising the malware.

To avoid falling victim, Kaspersky recommended users “verify ebook sources before downloading, carefully examine file properties, and maintain updated security software capable of detecting evasive malware techniques”.

Since the dawn of the internet, malware and data breaches have posed problems for users around the world.

In 2024, according to IBM, digital data breaches resulted in about $4.4 million in losses.

Although that is a daunting number, IBM's most recent data breach report shows that this is a 9 per cent decrease from 2023.

Updated: December 12, 2025, 6:06 PM