Researchers at Zimperium warn that a large phishing campaign is impersonating the US Postal Service (USPS) to target mobile devices with malicious PDF files.
The goal of the campaign is to direct users to a spoofed USPS website designed to harvest personal information.
“The investigation into this campaign uncovered over 20 malicious PDF files and 630 phishing pages, indicating a large-scale operation,” the researchers write.
“Further analysis revealed a malicious infrastructure, starting with landing pages designed to steal data, that could potentially impact organizations across 50+ countries.
This campaign employs a complex and previously unseen technique to hide clickable elements, making it difficult for most endpoint security solutions to properly analyze the hidden links.”
Notably, the phishing campaign used a new obfuscation technique that allowed the malicious links to evade detection by security products.
“The PDFs used in this campaign embed clickable links without utilizing the standard /URI tag, making it more challenging to extract URLs during analysis,” Zimperium explains. “Our researchers verified that this method enabled known malicious URLs within PDF files to bypass detection by several endpoint security solutions. In contrast, the same URLs were detected when the standard /URI tag was used. This highlights the effectiveness of this technique in obscuring malicious URLs.”
The researchers note that PDFs are commonly used in business settings, so employees need to be wary of attackers using these files to deliver phishing links.
“The widespread use of PDFs is introducing significant security risks to the enterprise, particularly when targeted to mobile devices,” the researchers write. “PDFs have become a common vector for phishing attacks, malware, and exploits due to their ability to embed malicious links, scripts, or payloads. On mobile platforms, where users often have limited visibility into file contents before opening, these threats can easily bypass traditional security measures.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Zimperium has the story.