- A new Phishing campaign is aimed at companies and individuals in more than 50 countries
- Experts warn the attackers are hiding malicious links in PDF using a obfuscation technique never seen before
- Use the best antivirus software and activate advanced mobile threat defense solutions
The PDF files, considered for a long time a safe and reliable way to share documents, are now being armed by cybercriminals in a sophisticated Phishing campaign aimed at mobile users.
New research from the Zlobs of Zimperium states that this new threat involves the malicious PDFs delivered through SMS messages whose senders are made through the United States postal service (USPS).
The attackers are using advanced techniques to hide malicious links within the files, exploiting the trust that users place in the format to steal confidential data.
Why are mobile users vulnerable
According to reports, this campaign is aimed at organizations and individuals in more than 50 countries with more than 20 malicious PDF files and 630 phishing pages identified so far.
The attacks begin once the victim clicks on the malicious link hidden in the PDF; In general, it contains requests for personal information, including names, addresses and details of the credit card.
Mobile devices are considered especially vulnerable to this type of attack because, on smaller screens, users have limited visibility in the content of the file before opening them.
Malicious links in these PDFs are even more difficult to detect as usual, because the attackers do not use the standard /URI label to embed links, which allows malicious content to avoid detection by traditional end -spot security software.
“Although USPS has no participation, cybercounts explode their reliable name to deceive users and attack users,” said Nico Chiaraviglio, head scientist of Zimperium ZLABs.
“This campaign shows the growing sophistication and continuous increase in Miscas attacks, emphasizing the need for proactive mobile security measures,” he added.
How to protect yourself
One of the most effective ways of staying ahead of this type of attack is to verify the details of the sender and the metadata of any attached file that opens; The even more important measures to take as the attacks by commercial email are becoming a threat larger than ever for companies.
You can also avoid clicking links embedded in PDF messages or SMS. Instead, navigate directly to the official website or use the organization’s mobile application.
In addition, to stay safe from malware on mobile devices, be sure to use the best Android antivirus or the best antivirus software for iPhone.
