Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    New Research Finds Phishing Scams Targeting Popular PDF Viewer

    Stu Sjouwerman | May 23, 2024

    Depositphotos_48038577_XLSeveral phishing campaigns are targeting users of the Foxit PDF Reader, according to researchers at Check Point. Foxit is a popular alternative to Adobe Acrobat Reader for viewing PDF files.

    “Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, mainly targeting users of Foxit Reader,” the researchers write. “This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands.

    "Check Point Research has observed variants of this exploit being actively utilized in the wild. Its low detection rate is attributed to the prevalent use of Adobe Reader in most sandboxes or antivirus solutions, as Adobe Reader is not susceptible to this specific exploit. Additionally, Check Point Research has observed various exploit builders, ranging from those coded in .NET to those written in Python, being used to deploy this exploit.”

    The malicious PDFs attempt to trick users into granting permission to execute code on the user’s device. The pop-ups that request permission are set to “OK” by default, making it more likely that users will simply accept the request. Check Point has observed at least nine strains of malware being delivered by this technique.

    “This exploit has been used by multiple threat actors, from e-crime to espionage,” the researchers write. “The campaigns have taken advantage of the low detection rate and protection against this exploit where actors have been spotted sharing those malicious PDF files even using nontraditional means such as Facebook.”

    Check Point offers the following recommendations to help users avoid falling for these attacks:

    • “Keep operating systems and applications updated through timely patches and other means
    • Be cautious of unexpected emails with links, especially from unknown senders
    • Enhance cybersecurity awareness among employees
    • Consult security specialists for any doubts or uncertainties”

    New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Check Point has the story.

    Topics: Social Engineering Phishing Security Culture

    Discover Your Organization’s Phish-prone™ Percentage

    Ninety-one percent of data breaches begin with spear phishing. Launch our Free Phishing Security Test for up to 100 users to uncover your team's vulnerability and see how your security posture stacks up against industry benchmarks.

    Get Your Free Phishing Security Test

    Secure the Digital Workforce: Human + AI

    KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog

    Posts By Topic

    View All