Hackers use malicious PDF files to steal your data

Zimperium researchers have discovered a phishing campaign based on malicious PDF files. This campaign, which consists of 20 different booby-trapped PDF files, exclusively targets smartphones. It also includes 630 phishing pages designed to steal personal information, including credit card details.

The PDF file trap

The cybercriminals' modus operandi follows the basics of phishing attacks. First, the hackers impersonate a well-known company. In this case, the attackers pretend to be USPS, the United States Postal Service. By email or SMS, they contact their target and claim that a package that "arrived at the distribution center" cannot be delivered.

This is therefore first and foremost a package delivery scam. This message will arouse the target's curiosity. The hackers attach a PDF file to their message. To learn more and update their address, users are invited to open this PDF file.

As the Zimperium report explains, "this tactic takes advantage of the perception of PDFs as safe and reliable file formats, which makes recipients more likely to open them". In general, Internet users are not suspicious of PDF documents.

A hidden malicious link

Once opened on the smartphone, the PDF will redirect the target to a phishing website. The document actually hides a link to a malicious site. Slipped into the PDF, it escapes detection mechanisms and the vigilance of Internet users. Hackers use an "unconventional technique to integrate the malicious link".
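The article does not say how the link is embedded, so the following added example (not code from Zimperium or from the original article) assumes nothing about it: it lists every URL-like string in a PDF attachment, including inside Flate-compressed streams, and separates those declared as standard `/URI` link actions from those that are not. The function names and the sample bytes are constructed for illustration.

```python
import re
import zlib

URL_RE = re.compile(rb"(?:https?://|www\.)[^\s<>()\[\]\"']+", re.I)
URI_ACTION_RE = re.compile(rb"/URI\s*\(([^)]*)\)")  # standard PDF link action
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def pdf_bodies(data):
    """Yield the bytes outside streams, then each stream (inflated when possible)."""
    yield STREAM_RE.sub(b"", data)
    for m in STREAM_RE.finditer(data):
        raw = m.group(1)
        try:
            # decompressobj tolerates the end-of-line bytes left before "endstream"
            yield zlib.decompressobj().decompress(raw)
        except zlib.error:
            yield raw  # uncompressed, or a filter this sketch does not decode

def triage_links(data):
    """Return URLs declared as /URI actions and URLs found anywhere else."""
    declared, found = set(), set()
    for body in pdf_bodies(data):
        declared.update(u.decode("latin-1") for u in URI_ACTION_RE.findall(body))
        found.update(m.group(0).decode("latin-1") for m in URL_RE.finditer(body))
    return {"declared": sorted(declared), "undeclared": sorted(found - declared)}

# Constructed sample (not from the campaign): one link declared as a /URI
# action, one URL that exists only as text inside a compressed page stream.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Subtype /Link /A << /S /URI /URI (https://tools.example/help) >> >> endobj\n"
    b"2 0 obj << /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"BT (Update address: www.parcel-redelivery.example/track) Tj ET")
    + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for kind, urls in triage_links(SAMPLE).items():
        print(kind, urls)
```

A scanner that only reads `/URI` actions would report one link for this sample; the `undeclared` list is what such a scanner misses and what an analyst should review before the attachment reaches a phone.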

On the site, the victim will be asked to provide personal information in order to finalize the delivery of the package. This is where the trap closes and the criminals get their hands on the data. Subsequently, the scammers will also demand payment of additional fees, again under the pretext of delivering the package. If the user complies, the scammers will seize the victim's banking details.

The attack also relies on the way documents are displayed on mobile devices. Zimperium emphasizes that users "often have limited visibility on the content of files before opening them" on their smartphone screen. This lack of visibility increases the risk that the target will open the PDF and obediently follow the instructions.

Through these booby-trapped PDFs, hackers have attacked organizations located in more than 50 countries. This is a large-scale operation, according to investigations conducted by Zimperium researchers. Phishing pages are also available in dozens of languages, including French.

Source: Zimperium
