Urgent Warning for iPhone and Android Users: Avoid Opening These PDFs


With the mobile threat landscape worsening, iPhone and Android users have been warned about a dangerous attack that targets mobile devices to steal credentials and sensitive data. This new threat uses a never-before-seen method to hide attacks, making it crucial to avoid opening suspicious PDFs and to consider whether you've already been targeted.

Zimperium’s zLabs team has published detailed information about these new attacks. The attackers have crafted PDF files using techniques that bypass existing security checks, exploiting the ubiquity of such attachments. The campaign mimics United States Postal Service (USPS) text messages sent to mobile devices, making it essential to avoid opening PDFs from any well-known brand unless you’re certain they’re legitimate.

PDFs are widely used for contracts, reports, manuals, invoices, and other critical business communications. Zimperium warns that users have developed a dangerous assumption that all PDFs are safe, which cybercriminals are now exploiting. The threat is worsening, with PDFs becoming a common vector for phishing attacks, malware, and exploits due to their ability to embed malicious links, scripts, or payloads. On mobile devices, with small screens and masked details, the problem is even more severe.

Attackers have found a way to embed clickable links in PDFs without using the standard /URI tag, which makes it harder to extract URLs during security analysis. Because the malicious URLs are obscured this way, most endpoint security solutions have difficulty analyzing the hidden links properly.
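A triage check that does not depend on /URI, shown here as an added example (it is not Zimperium's tooling and does not reproduce the campaign's files): it compares the URLs declared in /URI actions with every URL-like string found in the raw file and in its Flate-compressed streams. The function names, regular expressions and sample bytes are constructed for illustration, and the check assumes the URL is readable as text once streams are inflated.

```python
import re
import zlib

URI_ACTION = re.compile(rb"/URI\s*\(([^)]*)\)")  # literal-string /URI targets only
URL_LIKE = re.compile(rb"(?:https?://|www\.)[^\s()<>\[\]\"']+", re.I)
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def chunks(pdf: bytes):
    """Yield the raw file, then every stream body that inflates as Flate data."""
    yield pdf
    for m in STREAM.finditer(pdf):
        try:
            # decompressobj tolerates the EOL bytes left before 'endstream'
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # other filter or plain data: already covered by the raw scan

def triage_links(pdf: bytes):
    """Return (declared, undeclared) URL lists; undeclared ones need review."""
    declared, seen = set(), set()
    for chunk in chunks(pdf):
        declared.update(URI_ACTION.findall(chunk))
        seen.update(URL_LIKE.findall(chunk))
    as_text = lambda urls: sorted(u.decode("latin-1") for u in urls)
    return as_text(declared), as_text(seen - declared)

# Constructed sample (not a real campaign file): one link annotation with a
# /URI action, plus page text in a compressed stream that carries a second URL.
PAGE_TEXT = b"BT /F1 12 Tf (Details: https://hidden.example/login) Tj ET"
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://declared.example/track) >> >>\nendobj\n"
    b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(PAGE_TEXT)
    + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    declared, undeclared = triage_links(SAMPLE)
    print("declared via /URI:", declared)
    print("present but not declared:", undeclared)
```

A URL that appears in the file but in no /URI action is not proof of phishing; it marks the file for URL reputation checks that a /URI-only extractor would have skipped.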

Zimperium has identified more than 20 malicious PDF files and 630 phishing pages with hidden links, indicating a large-scale operation. The campaign is supported by a widespread malicious infrastructure that could potentially impact organizations across 50+ countries. The attack follows the usual pattern of luring users into clicking a link that leads to a credential-stealing webpage, with the link masked by new obfuscation techniques.

PDF phishing attacks have been skyrocketing in recent years. The combination of the new link-hiding technique and the focus on mobile devices makes this threat particularly concerning. To stay safe, avoid clicking links or opening attachments in text messages, as almost all of them are dangerous.

Source: Forbes