- A new phishing campaign targets companies and individuals in more than 50 countries
- Experts warn that attackers hide malicious links in PDFs using an obscure technique never seen before
- Use the best antivirus software and enable defenses against advanced mobile threats
PDF files, which have long been considered a safe and reliable way to share documents, are now being weaponized by cybercriminals in a sophisticated phishing campaign targeting mobile users.
New research from Zimperium's zLabs says this new threat involves malicious PDFs delivered via SMS messages whose sender pretends to be the United States Postal Service (USPS).
The attackers use advanced techniques to hide malware in files, exploiting the trust that users place in the format to steal sensitive data.
Why mobile users are vulnerable
The campaign reportedly targets organizations and individuals in more than 50 countries, with more than 20 malicious PDF files and 630 phishing pages identified so far.
The attacks begin once the victim clicks the malicious link hidden in the PDF; the phishing pages generally contain requests for personal information, including names, addresses and credit card details.
Mobile devices are considered particularly vulnerable to this type of attack because, on smaller screens, users have limited visibility into the content of files before opening them.
The malicious links in these PDFs are even harder to detect than usual because the attackers do not use the standard /URI tag to embed links, which allows the malicious content to escape detection by traditional endpoint security software.
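The gap described above can be checked for directly. The following is an added example, not code from Zimperium or from the original article: it lists the URLs a PDF declares through /URI actions and the URLs that appear only elsewhere, such as text drawn in a Flate-compressed page stream. The sample bytes, the URL and the function names are constructed, and because the page does not say how the campaign's PDFs embed their links, the text-in-stream case is an assumption.

```python
import re
import zlib

URL_RE = re.compile(rb"(?:https?://|www\.)[^\s()<>\[\]]+", re.I)
URI_ACTION_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def _inflate(data):
    """Flate-decode a stream body; fall back to the raw bytes if it is not zlib."""
    try:
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return data


def audit_pdf_links(pdf_bytes):
    """Split URLs found in a PDF into /URI-declared and undeclared ones."""
    declared = {m.group(1) for m in URI_ACTION_RE.finditer(pdf_bytes)}
    # Look outside the streams and inside every decoded stream body.
    chunks = [STREAM_RE.sub(b"", pdf_bytes)]
    chunks += [_inflate(m.group(1)) for m in STREAM_RE.finditer(pdf_bytes)]
    found = {url for chunk in chunks for url in URL_RE.findall(chunk)}
    return {"declared": sorted(declared), "undeclared": sorted(found - declared)}


def build_sample(with_uri_action):
    """Constructed PDF fragment: a compressed page stream that draws a URL as text."""
    url = b"https://parcel.example.test/verify"  # constructed value
    packed = zlib.compress(b"BT /F1 12 Tf 72 700 Td (Track your parcel: " + url + b") Tj ET")
    pdf = (b"%PDF-1.7\n4 0 obj\n<< /Length " + str(len(packed)).encode()
           + b" /Filter /FlateDecode >>\nstream\n" + packed + b"\nendstream\nendobj\n")
    if with_uri_action:
        # Standard link annotation, the form scanners normally look for.
        pdf += (b"5 0 obj\n<< /Type /Annot /Subtype /Link /A << /S /URI /URI ("
                + url + b") >> >>\nendobj\n")
    return pdf


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, audit_pdf_links(build_sample(flag)))
```

A URL listed under `undeclared` is not proof of malice; it means a scanner that reads only /URI entries never saw it.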
“Although the USPS has no involvement, cybercriminals exploit its trusted name to induce and target users,” said Nico Chiaraviglio, chief scientist of Zimperium zLabs.
“This campaign shows increasing sophistication and the continuous rise in power of mishing attacks, highlighting the need for proactive mobile security measures,” he added.
How to protect yourself
One of the most effective ways to stay ahead of this type of attack is to check the sender details and the metadata of any attachment you open; these measures matter even more now that business email attacks are becoming a greater threat than ever for businesses.
You can also avoid clicking on links embedded in PDFs or SMS messages. Instead, go directly to the official website or use the organization’s mobile application.
In addition, to keep malware off mobile devices, be sure to use the best Android antivirus or the best iPhone antivirus software.