In a recently uncovered phishing campaign, threat actors are employing malicious PDF files to target mobile device users in potentially more than fifty nations.
Dubbed as the “PDF Mishing Attack,” the effort exposes new vulnerabilities in mobile platforms by taking advantage of the general belief that PDFs are a secure file format.
The phishing campaign poses as the United States Postal Service (USPS) to earn consumers’ trust and trick them into downloading infected PDFs. Once opened, the hidden links take victims to phishing pages designed to steal credentials.
“PDFs are used extensively for contracts, reports, manuals, invoices, and other critical business communications,” said the zLabs team at Zimperium, who uncovered the campaign. “Their ability to incorporate text, images, hyperlinks, and digital signatures while maintaining integrity makes them ideal for enterprises prioritizing professionalism and compliance.”
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: