Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe

Date:
Mon, 03 Feb 2025 22:03:00 +0000

Description:
Hidden in plain sight: Sophisticated malicious PDFs target mobile users worldwide

FULL STORY

PDF files, long considered a safe and reliable way to share documents, are
now being weaponized by cybercriminals in a sophisticated phishing campaign targeting mobile users.

New research from Zimperiums zLabs team claims this new threat involves malicious PDFs delivered via SMS messages whose senders impersonate the
United States Postal Service (USPS).

Attackers are using advanced techniques to hide malicious links within the files, exploiting the trust users place in the format to steal sensitive
data.

Why mobile users are vulnerable

This campaign reportedly targets organizations and individuals in over 50 countries with over 20 malicious PDF files and 630 phishing pages identified
so far.

Attacks commence once the victim clicks on the malicious link hidden in the PDF; usually containing requests for personal information, including names, addresses, and credit card details.

Mobile devices are considered especially vulnerable to this type of attack because, on smaller screens, users have limited visibility into file contents before opening them.

Malicious links in these PDFs are even more difficult to detect than usual, because the attackers aren't using the standard /URI tag to embed links, allowing the malicious content to evade detection by traditional endpoint security software .

Although USPS has no involvement, cybercriminals exploit its trusted name to mislead and target users, said Nico Chiaraviglio, Zimperium zLabs' Chief Scientist.

This campaign shows the growing sophistication and continued rise of mishing attacks, emphasizing the need for proactive mobile security measures, he
added.

How to protect yourself

One of the most effective ways to stay ahead of this type of attack is to verify the senders details, and the metadata of any attachment you open; even more important measures to take as business email attacks are becoming a
bigger threat than ever for businesses .

You may also want to avoid clicking on links embedded in PDFs or SMS
messages. Instead, navigate directly to the official website or use the organizations mobile app.

Furthermore, to stay safe from malware on mobile devices, ensure youre using the best Android antivirus or best iPhone antivirus software.

======================================================================
Link to news story: https://www.techradar.com/pro/security/millions-at-risk-as-malicious-pdf-files -designed-to-steal-your-data-are-flooding-sms-inboxes-how-to-stay-safe

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)