- The MatrixPDF phishing kit weaponizes PDFs using JavaScript and built-in redirection mechanisms
- It imitates legitimate tools, offering drag-and-drop import, content blurring and Gmail bypass features
- To stay safe, disable JavaScript, avoid suspicious PDFs and use advanced email security tools
A new PDF phishing kit is being sold on the dark web, promising customers advanced features, a simple interface and competitive prices, experts have warned.
Varonis security researchers have spotted MatrixPDF, an advanced tool that is advertised as a legitimate product even though it is circulating on the dark web.
Its full name is MatrixPDF: Builder Document – Advanced PDF Phishing with JavaScript actions. It is advertised as an “elite tool for crafting realistic simulation PDFs tailored to black teams and cybersecurity awareness training”.
How to defend
“With drag-and-drop PDF import, real-time preview and customizable security overlays, MatrixPDF provides professional-quality phishing scenarios,” the ad reads.
“Built-in protections such as content blur, a secure redirection mechanism, metadata encryption and Gmail bypass ensure authenticity and reliable delivery in testing environments.”
With MatrixPDF, users can add a URL to the PDF, to which victims will be redirected.
They can add titles and custom icons, and blur the content so that it appears to be “protected” from unauthenticated viewers. But its key feature is the integration of JavaScript.
Users can toggle JavaScript actions inside the PDF, which are triggered when the file is opened or clicked. The payload, specified in advance, can then open automatically as soon as the file is clicked.
MatrixPDF can also be used to simulate system dialog boxes and display custom alert messages. All these things “effectively transform the PDF into an interactive lure”, concluded the researchers.
The best way to defend against weaponized PDF files is to avoid clicking on prompts in unexpected and unsolicited PDF attachments.
This is particularly important if the files show “Open the secure document” prompts or blurred overlays.
Users can also disable JavaScript in their PDF reader, which blocks embedded scripts, and keep their email client and PDF reader up to date.
Finally, advanced email security tools, such as AI-powered filters, can detect suspicious overlays, hidden links and malicious redirection behavior.
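For mail-gateway or analyst triage, the traits described above (JavaScript actions that fire on open or click, plus an embedded redirect URL) leave visible keys in the PDF structure. The following Python sketch is an added example, not from Varonis or the original article; the key list comes from the PDF specification, and the verdict names and sample bytes are constructed for illustration.

```python
import re

# PDF dictionary keys tied to the behaviour described in the article.
SUSPICIOUS_KEYS = {
    "/JavaScript": "JavaScript action type",
    "/JS": "JavaScript source",
    "/OpenAction": "action run when the document is opened",
    "/AA": "additional actions (page or field triggers)",
    "/URI": "link to an external URL",
    "/Launch": "launches an external application or file",
}
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A PDF name is "/" followed by characters up to whitespace or a delimiter.
_NAME = re.compile(rb"/[^\s()<>\[\]{}/%]+")

def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so an obfuscated /J#61vaScript matches /JavaScript."""
    decoded = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def scan_pdf(data: bytes) -> dict:
    """Count suspicious keys in raw PDF bytes.
    Limitation: keys inside compressed object streams are not visible here."""
    counts = {key: 0 for key in SUSPICIOUS_KEYS}
    for match in _NAME.finditer(data):
        name = normalize_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts

def verdict(counts: dict) -> str:
    """Hypothetical triage policy; tune to your own mail flow."""
    has_js = counts["/JS"] or counts["/JavaScript"]
    auto_trigger = counts["/OpenAction"] or counts["/AA"]
    if has_js and auto_trigger:
        return "quarantine"   # script that runs without a deliberate user action
    if has_js or counts["/Launch"]:
        return "review"
    return "links-present" if counts["/URI"] else "clean"

# Constructed sample fragments (not real captures).
SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /S /J#61vaScript /JS (app.alert\\('constructed'\\);) >>\nendobj\n"
          b"3 0 obj\n<< /Subtype /Link /A << /S /URI /URI (https://example.invalid/) >> >>\nendobj\n")
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    print(scan_pdf(SAMPLE), verdict(scan_pdf(SAMPLE)))
```

Because the scan works on raw bytes, a hit inside a literal string can produce a false positive and compressed streams can hide keys, so treat the result as a first-pass filter before full parsing or sandboxing.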
Via BleepingComputer