- The MatrixPDF phishing kit weaponizes PDFs using embedded JavaScript and redirection mechanisms
- It imitates legitimate tools, offering features such as drag-and-drop import
- To stay safe, disable JavaScript, avoid suspicious PDFs and use advanced email security tools

A new PDF phishing kit is being sold on the dark web, promising customers advanced features, a simple interface and competitive prices, experts have warned.
Varonis security researchers spotted MatrixPDF, an advanced solution that is advertised as a legitimate tool despite circulating on the dark web.
Its full name is MatrixPDF: Document Builder – Advanced PDF Phishing with JavaScript Actions. It is advertised as an “elite tool for crafting realistic simulation PDFs tailored for black teams and cybersecurity awareness training.”
How to defend
“With drag-and-drop PDF import, real-time preview and customizable security overlays, MatrixPDF delivers professional-grade phishing scenarios,” says the advertisement.
“Built-in protections such as content blurring, a secure redirect mechanism, metadata encryption and Gmail bypass ensure authenticity and reliable delivery in test environments.”
With MatrixPDF, users can add a URL to the PDF, to which victims will be redirected.
They can add titles and custom icons, and blur the content so that it appears “protected” against unauthenticated viewers. But its key feature is embedded JavaScript.
Users can toggle JavaScript actions within the PDF, which are triggered when the file is opened or clicked. The payload URL, specified in advance, can be opened automatically as soon as the file is clicked.
MatrixPDF can also be used to simulate system dialog boxes and show custom alert messages. All these things “effectively turn the PDF into an interactive lure,” the researchers concluded.
The best way to defend against weaponized PDF files is to avoid clicking on prompts in unexpected and unsolicited PDF attachments.
This is especially important if the files have “secure document” or blurred overlays.
Users can also disable JavaScript in their PDF reader, which blocks embedded scripts, and, finally, keep both their email client and PDF reader up to date.
Finally, advanced email security tools, such as AI filters, can detect suspicious overlays, hidden links and malicious redirection behaviors.
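
The traits described above (JavaScript actions fired on open or click, plus a redirect URL) leave recognisable name tokens in a PDF's object structure. This added example, which is not from the article or the researchers it cites, counts those tokens in raw PDF bytes for attachment triage; the sample objects, function names and verdict thresholds are assumptions made for illustration.

```python
import re
# PDF name tokens tied to the behaviours described above (per the PDF spec).
MARKERS = {
    "/JavaScript": "script action type",
    "/JS": "script source attached to an action",
    "/OpenAction": "action fired when the document opens",
    "/AA": "additional actions fired by page or annotation events",
    "/URI": "link or redirect to an external URL",
    "/Launch": "action that starts an external program",
}
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize(data: bytes) -> bytes:
    """Decode #xx escapes so /J#61vaScript is counted as /JavaScript."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def triage(data: bytes) -> dict:
    norm = normalize(data)
    counts = {}
    for name in MARKERS:
        # Negative lookahead stops /JS from matching inside a longer name.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9])"
        counts[name] = len(re.findall(pattern, norm))
    urls = [u.decode("latin-1") for u in re.findall(rb"/URI\s*\(([^)]*)\)", norm)]
    script = counts["/JavaScript"] + counts["/JS"] > 0
    trigger = counts["/OpenAction"] + counts["/AA"] > 0
    if script and trigger:
        verdict = "high"    # script wired to an open or click trigger
    elif script or counts["/Launch"] or (trigger and urls):
        verdict = "review"  # legitimate PDFs can match; needs a human look
    else:
        verdict = "low"
    # Object streams are compressed, so names inside them are invisible here:
    # "low" on a file with object streams is not a clean bill of health.
    return {"counts": counts, "urls": urls, "verdict": verdict,
            "has_object_streams": b"/ObjStm" in norm}

# Constructed sample objects (not taken from a real lure).
SAMPLE_LURE = (
    b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction 4 0 R >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (constructed_placeholder) >> endobj\n"
    b"5 0 obj << /Subtype /Link /A << /S /URI /URI (https://example.invalid/login) >> >> endobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in (("lure", SAMPLE_LURE), ("plain", SAMPLE_PLAIN)):
        print(label, triage(blob))
```

A "high" verdict is a reason to quarantine and inspect the attachment, not proof of malice; the extracted URLs can be checked against the organisation's existing link reputation tooling.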
Via BleepingComputer