Republished on January 29 as another warning is issued about the serious dangers of opening these PDFs.
With the mobile threat landscape worsening, iPhone and Android users have just been warned that a dangerous attack “exclusively targeting mobile devices” has been caught “stealing identification information and sensitive data”. You are now at risk from “a way never seen before” to hide attacks. Not only should you avoid this threat, but you should also determine whether you have already been targeted.
The warning comes by way of Zimperium, whose zLabs team published the complete technical detail behind these new attacks. The basics are all you really need to know. The attackers have designed PDF files with new techniques that bypass existing security checks, while relying on the ubiquity of these attachments.
The campaign imitates text messages from the United States Postal Service (USPS) sent to mobile devices. But that is the easiest part to change. You must therefore stop opening PDFs attached to text messages from any well-known brand, unless you are sure they are legitimate.
Because PDFs are now so ubiquitous, “used widely for contracts, reports, textbooks, invoices and other critical commercial communications”, Zimperium warns that “users have developed a natural but dangerous supposition that all PDFs are safe. And now cybercriminals actively exploit this false confidence.” While I was hoping that user confidence is already changing, given other PDF attacks in the past few months, I fear that Zimperium will probably be correct.
As Zimperium points out, this threat is worsening. “PDFs have become a common vector for phishing attacks, malware and exploits because of their ability to embed malicious links, scripts or payloads.” And on mobile devices, with small screens and hidden details, the problem is worse. “Users often have limited visibility into the content of the files before opening them; these threats can easily bypass traditional security measures.”
In PDFs, links “are generally represented using a /URI tag”, but the attackers determined that by embedding clickable links “without using the standard /URI tag”, it became “more difficult to extract URLs during [security] analysis… On the other hand, the same URLs were detected when the standard /URI tag was used. This highlights the effectiveness of this technique to obscure malicious URLs.”
Zimperium says that it identified more than “20 malicious PDF files and 630 phishing pages” with “hidden” links, “indicating a large-scale operation.” The campaign seems to be supported by a “malicious infrastructure”, which “could potentially have an impact on organizations in more than 50 countries. This campaign uses a complex and previously unseen technique to mask clickable elements, making it difficult for most endpoint security solutions to correctly analyze hidden links.”
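One way to check for the gap described above, where a URL is present in a PDF but not declared through the standard /URI tag, is to compare the two sets. This is an added example, not Zimperium's detection code and not a reproduction of the campaign's files: the sample PDF fragment, the `.example` domains and the function names are constructed for illustration, and only literal-string /URI values and Flate-compressed streams are handled.

```python
import re
import zlib

# Link targets declared the standard way: /URI (literal string) inside an action.
URI_ACTION = re.compile(rb"/URI\s*\(([^)]*)\)")
# Any URL-shaped byte run, wherever it appears in the file.
RAW_URL = re.compile(rb"https?://[^\s()<>\[\]\"']+")
STREAM = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)


def inflate_streams(pdf: bytes) -> bytes:
    """Return the raw file plus every stream that inflates as Flate/zlib."""
    parts = [pdf]
    for match in STREAM.finditer(pdf):
        try:
            parts.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            pass  # other filter or not compressed; raw bytes are already included
    return b"\n".join(parts)


def audit_links(pdf: bytes) -> dict:
    """Compare URLs declared via /URI with URLs found anywhere in the file."""
    data = inflate_streams(pdf)
    declared = {u.decode("latin-1") for u in URI_ACTION.findall(data)}
    seen = {u.decode("latin-1") for u in RAW_URL.findall(data)}
    undeclared = sorted(seen - declared)
    return {"declared": sorted(declared), "undeclared": undeclared,
            "suspicious": bool(undeclared)}


def build_sample() -> bytes:
    """Constructed test file: one /URI link, one URL only in a compressed stream."""
    content = zlib.compress(
        b"BT (Track your parcel at https://tracking.example/redeliver) Tj ET")
    return (b"%PDF-1.7\n"
            b"1 0 obj << /Type /Annot /Subtype /Link "
            b"/A << /S /URI /URI (https://carrier.example/help) >> >> endobj\n"
            b"2 0 obj << /Filter /FlateDecode /Length "
            + str(len(content)).encode() + b" >>\nstream\n"
            + content + b"\nendstream endobj\n%%EOF\n")


if __name__ == "__main__":
    print(audit_links(build_sample()))
```

A scanner that only reads /URI entries would report the first URL and miss the second, which is why the audit treats any undeclared URL as a reason for closer inspection.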
Despite its cleverness, the attack itself follows the usual model of luring users into clicking on a link that takes them to a credential theft page. This is the link that is masked by the new obfuscation techniques. And that is the common thread.
With perfect timing, this advice – do not open such PDFs attached to emails or messages pretending to come from well-known brands, unless you can absolutely guarantee their authenticity – has been reinforced as a result of the Zimperium research.
Palo Alto Networks has regularly warned of the dangers of PDF-linked phishing attacks and has just done so again. The firm's Unit 42 warns that a new attack, using “PDFs linked to phishing pages that impersonate Amazon”, has just been found. I hope that having two warnings this week is warning enough for you to be even more vigilant than usual.
These linked phishing attacks “ask for personal details and data on credit cards”, explains Unit 42, and the attack uses its own “camouflage” techniques by “redirecting scans and other analysis attempts to benign domains”. The attacks follow this same model, one link leading to another as users are taken on a trip through a multitude of domains registered by the attackers. In the end, there will be a web page designed to steal information. The only difference – USPS has been swapped for Amazon Prime.
The good news is that the attacks are still relatively easy to spot if you are wary of attachments, and certainly of any link in an attachment. If you have clicked and shared any data, restart your phone and change the passwords or other account data that you have shared. If that means cancelling credit cards, do it.
To put this in perspective, Palo Alto Networks has reported that within a year “we noticed a spectacular increase of 1,160% in malicious PDF files – from 411,800 malicious files to 5,224,056. PDF files are an attractive phishing vector because they are cross-platform and allow attackers to engage with users, which makes their schemes more credible as opposed to a text-based email with just a simple link.”
The catch? This report was published in 2020. PDF phishing attacks are not new and were “soiled” in recent years. What is interesting here is the combination of new link-hiding techniques and the emphasis on mobile devices. The advice for staying safe, however, remains the same. You should not click on links or open attachments in text messages.