Cybersecurity researchers have uncovered a new mobile-focused attack campaign using deceptive PDF files to steal sensitive data from iPhone and Android users.
Zimperium's zLabs team reported discovering malicious PDF attachments that bypass standard security checks by employing novel techniques to hide clickable links. The attack primarily targets mobile devices, exploiting their smaller screens and limited visibility into file contents.
The campaign mimics text messages from the United States Postal Service (USPS), though researchers warn the tactic could easily be adapted to impersonate other well-known brands.
"Users have developed a dangerous assumption that all PDFs are safe," said a Zimperium spokesperson. "Cybercriminals are actively exploiting that false confidence."
Over 20 malicious PDF files and 630 phishing pages were found while examining the campaign, suggesting a large-scale operation. Further investigation uncovered malicious infrastructure, beginning with landing pages intended to steal data, that may affect businesses in more than 50 countries. To conceal clickable elements, the campaign uses a sophisticated and novel technique that makes it difficult for most endpoint security solutions to accurately analyze the hidden links.
While the attack ultimately follows familiar patterns of luring users to credential-stealing websites, its effectiveness stems from new obfuscation methods. By embedding clickable links without standard tags, the PDFs can evade many security analysis tools.
"This highlights the effectiveness of this technique in obscuring malicious URLs," the spokesperson added.
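A triage check for the evasion described above, as an added example that is not code from Zimperium or from this article: it lists URLs found anywhere in a PDF, including inside Flate-compressed streams, that no link action declares. It assumes the "standard tags" are PDF `/URI` link actions; the sample bytes and `.example` hostnames are constructed.

```python
import re
import zlib

URL_RE = re.compile(rb"https?://[^\s<>()\[\]\"']+")
URI_ACTION_RE = re.compile(rb"/URI\s*\(([^)]*)\)")   # declared link action
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def inflate_streams(pdf: bytes) -> list[bytes]:
    """Decompress every stream body that is valid zlib (FlateDecode) data."""
    bodies = []
    for match in STREAM_RE.finditer(pdf):
        try:
            # decompressobj tolerates the EOL bytes left before 'endstream'
            bodies.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            continue  # other filter or uncompressed: not handled here
    return bodies


def undeclared_urls(pdf: bytes) -> set[str]:
    """URLs present in the file that no /URI action declares."""
    blobs = [STREAM_RE.sub(b"", pdf)] + inflate_streams(pdf)
    found, declared = set(), set()
    for blob in blobs:
        found.update(u.decode("latin-1") for u in URL_RE.findall(blob))
        declared.update(u.decode("latin-1") for u in URI_ACTION_RE.findall(blob))
    return found - declared


def build_sample() -> bytes:
    """Constructed PDF fragment: one declared link, one URL only in page text."""
    text = zlib.compress(b"BT /F1 12 Tf (https://parcel-update.example/confirm) Tj ET")
    return (
        b"%PDF-1.7\n"
        b"1 0 obj << /Type /Annot /Subtype /Link "
        b"/A << /S /URI /URI (https://www.example.com/help) >> >> endobj\n"
        b"2 0 obj << /Length " + str(len(text)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + text + b"\nendstream\nendobj\n%%EOF\n"
    )


if __name__ == "__main__":
    for url in sorted(undeclared_urls(build_sample())):
        print("URL without /URI action:", url)
```

This is a heuristic for sorting attachments, not a parser: streams using other filters, object streams and encrypted files need a full PDF library before the same comparison can be made.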
Cybersecurity experts advise users to exercise caution when dealing with unexpected PDF attachments, especially those received via text message. They recommend verifying the legitimacy of messages directly with the purported sender before opening any attachments or clicking links.
As mobile devices increasingly become targets for cyberattacks, users are urged to maintain up-to-date security software and remain vigilant against unsolicited messages, even those appearing to come from trusted sources.