Malicious PDF Links Hidden in Text Message Scam Impersonating US Postal Service
Published on February 02, 2025 at 01:39AM
SC World reports: A new phishing scam targeting mobile devices was observed using a "never-before-seen" obfuscation method to hide links to spoofed United States Postal Service (USPS) pages inside PDF files, [mobile security company] Zimperium reported Monday. The method manipulates elements of the Portable Document Format (PDF) to make clickable URLs appear invisible to both the user and mobile security systems, which would normally extract links from PDFs by searching for the "/URI" tag. "Our researchers verified that this method enabled known malicious URLs within PDF files to bypass detection by several endpoint security solutions. In contrast, the same URLs were detected when the standard /URI tag was used," Zimperium Malware Researcher Fernando Ortega wrote in a blog post. The attackers send the malicious PDFs via SMS text messages under the guise of providing instructions to retrieve a USPS package that failed to deliver... The phishing websites first displays a form for the victim provide their mailing address, email address and telephone number, and then asks for credit card information to pay a $0.30 "service fee" for redelivery of the supposed package... Zimperium identified more than 20 versions of the malicious PDF files and 630 phishing pages associated with the scam operation. The phishing pages were also found to support 50 languages, suggestion international targeting and possible use of a phishing kit. "Users' trust in the PDF file format and the limited ability of mobile users to view information about a file prior to opening it increase the risk of such phishing campaigns, Zimperium noted." Thanks to Slashdot reader spatwei for sharing the news.
Published on February 02, 2025 at 01:39AM
SC World reports: A new phishing scam targeting mobile devices was observed using a "never-before-seen" obfuscation method to hide links to spoofed United States Postal Service (USPS) pages inside PDF files, [mobile security company] Zimperium reported Monday. The method manipulates elements of the Portable Document Format (PDF) to make clickable URLs appear invisible to both the user and mobile security systems, which would normally extract links from PDFs by searching for the "/URI" tag. "Our researchers verified that this method enabled known malicious URLs within PDF files to bypass detection by several endpoint security solutions. In contrast, the same URLs were detected when the standard /URI tag was used," Zimperium Malware Researcher Fernando Ortega wrote in a blog post. The attackers send the malicious PDFs via SMS text messages under the guise of providing instructions to retrieve a USPS package that failed to deliver... The phishing websites first displays a form for the victim provide their mailing address, email address and telephone number, and then asks for credit card information to pay a $0.30 "service fee" for redelivery of the supposed package... Zimperium identified more than 20 versions of the malicious PDF files and 630 phishing pages associated with the scam operation. The phishing pages were also found to support 50 languages, suggestion international targeting and possible use of a phishing kit. "Users' trust in the PDF file format and the limited ability of mobile users to view information about a file prior to opening it increase the risk of such phishing campaigns, Zimperium noted." Thanks to Slashdot reader spatwei for sharing the news.
Read more of this story at Slashdot.
Comments
Post a Comment