This article discusses a sophisticated phishing campaign targeting mobile devices, masquerading as the USPS, leveraging malicious PDFs to deceive users and harvest sensitive data. Over 20 malicious PDFs and 630 phishing pages were identified, indicating a large-scale operation utilizing innovative evasion techniques to hide malicious links. Affected: mobile devices, enterprise security, sensitive data, users.
Keypoints:
- The zLabs team identified a phishing campaign impersonating the USPS, aimed at mobile users.
- This campaign uses malicious PDFs to steal credentials and sensitive data.
- Over 20 malicious PDFs and 630 phishing pages were discovered, indicating a large-scale operation.
- PDF files are exploited due to their trusted perception, making users more likely to open them.
- Innovative evasion techniques are applied to bypass endpoint security measures.
- The campaign employs SMS messages to deliver malicious PDFs containing deceptive links.
- Zimperium offers robust protection against such phishing campaigns through its Mobile Threat Defense solutions.
MITRE Techniques:
- T1566.001 - Phishing: The campaign uses SMS messages to deliver malicious PDF documents.
- T1203 - Exploitation for Client Execution: The malicious PDFs exploit users' perceived safety of the format to execute attacks.
- T1071.001 - Application Layer Protocol: Malicious communication with C&C servers using HTTPS.
Indicators of Compromise:
- [URL] https://binlist.net
- [URL] https://jytdnuspsjrf.com/update/
Full Story: https://zimperium.com/blog/hidden-in-plain-sight-pdf-mishing-attack