Summary: A new report from Zimperium reveals a sophisticated phishing campaign attacking mobile users via malicious PDF files, primarily impersonating the United States Postal Service (USPS). Over 20 malicious PDFs and 630 phishing pages were identified, utilizing social engineering techniques to deceive users into sharing sensitive information. The report indicates a significant threat to mobile security due to the misleading nature of PDFs and highlights the need for improved defenses in enterprise environments.
Affected: Mobile Users, Organizations using PDF Files for Communication
Keypoints :
- Attackers use SMS messages with malicious PDF attachments to lure users into providing personal data.
- The PDFs employ non-standard methods to embed links, evading traditional security detection.
- Data collected from users is encrypted and sent to a Command-and-Control server, showcasing sophisticated malware techniques.
- The phishing campaign supports multiple languages, indicating a coordinated effort to reach over 50 countries.
- Enterprise environments, particularly lacking on-device scanning, are at heightened risk of data breaches due to these attacks.
Source: https://securityonline.info/malicious-pdfs-used-in-large-scale-phishing-operation/