In a recently uncovered phishing campaign, threat actors are employing malicious PDF files to target mobile device users in potentially more than fifty nations.
Dubbed as the "PDF Mishing Attack," the effort exposes new vulnerabilities in mobile platforms by taking advantage of the general belief that PDFs are a secure file format.
The phishing campaign poses as the United States Postal Service (USPS) to earn consumers' trust and trick them into downloading infected PDFs. Once opened, the hidden links take victims to phishing pages designed to steal credentials.
"PDFs are used extensively for contracts, reports, manuals, invoices, and other critical business communications," said the zLabs team at Zimperium, who uncovered the campaign. “Their ability to incorporate text, images, hyperlinks, and digital signatures while maintaining integrity makes them ideal for enterprises prioritizing professionalism and compliance.”
Hidden in plain sight
Threat analysts at zLabs have been keeping a close eye on the phishing campaign, which targets only mobile devices and poses as the US Postal Service (USPS). It has discovered 630 phishing pages and over 20 malicious PDF files.
“This campaign employs sophisticated social engineering tactics and a never-before-seen means of obfuscation to deliver malicious PDF files designed to steal credentials and compromise sensitive data,” the researchers noted.
Advanced evasion techniques hide clickable malicious URLs within PDF documents, easily bypassing traditional endpoint security solutions. This assault is primarily aimed at mobile device users, capitalising on the limited accessibility that mobile platforms provide while previewing file contents. Unlike desktop platforms, where PDFs are often used with security overlays, mobile devices lack the same safeguards, leaving users vulnerable to covert attacks.
On threat detection
This latest attack highlights the need for enhanced mobile threat defenses. PDFs have long been thought to be safe for sharing and storing information, however this is not the case.
According to an HP Wolf Security report, PDF threats are on the rise. While online criminals used to primarily use PDF lures to steal credentials and financial data via phishing, there has been a shift and an increase in malware distribution via PDFs, including strains such as WikiLoader, Ursnif, and Darkgate.
Zimperium emphasises the value of on-device threat detection to find and eliminate these scourges before they can do any damage because traditional endpoint security systems, which are sometimes made with desktop settings in mind, may not be able to detect sophisticated attacks on mobile platforms.