Phishing Campaign Targets Mobile Users With Malicious PDFs

A new phishing campaign is targeting mobile users by impersonating the United States Postal Service (USPS) and using fake PDF documents to steal sensitive information. Security researchers at Zimperium’s zLabs detailed today this campaign, which utilizes advanced social engineering tactics and a novel method to hide malicious links within PDFs.

The campaign works by sending SMS messages containing seemingly legitimate PDF attachments. These PDFs appear harmless but include hidden links that redirect users to phishing websites. Victims are prompted to provide personal information, such as their name, address, email, and phone number.

By exploiting the trust users place in PDFs as secure, professional documents, attackers have managed to evade detection by many traditional security systems.

The researchers note that PDFs are a staple in business communication, valued for their compatibility and ability to maintain formatting. However, this popularity also makes them a prime target for cybercriminals.

Malicious PDFs can embed links, scripts, or other harmful content that is hard to detect, especially on mobile devices, where users typically preview files with limited scrutiny.

Zimperium’s investigation revealed a large-scale operation involving over 20 malicious PDF files and 630 phishing pages, impacting users across more than 50 countries. The campaign employs a unique evasion technique to obscure malicious links, bypassing many endpoint security tools.

Unlike standard methods that use visible links, these PDFs hide URLs within their structure, making the attack harder to detect, as noted by Zimperium’s analysis.

When victims click the embedded links, they are taken to fake USPS websites designed to look authentic. These phishing pages request personal details under the pretense of resolving delivery issues. Without advanced mobile threat defenses, such attacks can lead to data breaches, credential theft, and financial loss.

This campaign underscores the growing need for advanced security solutions to protect against increasingly sophisticated phishing attacks targeting mobile devices.