TZUTC: -0500   
   MSGID: 52.consprcy@1:2320/105 2c076737   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Millions at risk as malicious PDF files designed to steal your data are   
   flooding SMS inboxes - how to stay safe   
      
   Date:   
   Mon, 03 Feb 2025 22:03:00 +0000   
      
   Description:   
   Hidden in plain sight: Sophisticated malicious PDFs target mobile users   
   worldwide   
      
   FULL STORY   
      
   PDF files, long considered a safe and reliable way to share documents, are    
   now being weaponized by cybercriminals in a sophisticated phishing campaign   
   targeting mobile users.    
      
   New research from Zimperiums zLabs team claims this new threat involves   
   malicious PDFs delivered via SMS messages whose senders impersonate the    
   United States Postal Service (USPS).    
      
   Attackers are using advanced techniques to hide malicious links within the   
   files, exploiting the trust users place in the format to steal sensitive    
   data.   
      
   Why mobile users are vulnerable    
      
   This campaign reportedly targets organizations and individuals in over 50   
   countries with over 20 malicious PDF files and 630 phishing pages identified   
   so far.    
      
   Attacks commence once the victim clicks on the malicious link hidden in the   
   PDF; usually containing requests for personal information, including names,   
   addresses, and credit card details.    
      
   Mobile devices are considered especially vulnerable to this type of attack   
   because, on smaller screens, users have limited visibility into file contents   
   before opening them.    
      
   Malicious links in these PDFs are even more difficult to detect than usual,   
   because the attackers aren't using the standard /URI tag to embed links,   
   allowing the malicious content to evade detection by traditional endpoint   
   security software .    
      
   Although USPS has no involvement, cybercriminals exploit its trusted name to   
   mislead and target users, said Nico Chiaraviglio, Zimperium zLabs' Chief   
   Scientist.    
      
   This campaign shows the growing sophistication and continued rise of mishing   
   attacks, emphasizing the need for proactive mobile security measures, he   
   added.   
      
   How to protect yourself    
      
   One of the most effective ways to stay ahead of this type of attack is to   
   verify the senders details, and the metadata of any attachment you open; even   
   more important measures to take as business email attacks are becoming a   
   bigger threat than ever for businesses .    
      
   You may also want to avoid clicking on links embedded in PDFs or SMS    
   messages. Instead, navigate directly to the official website or use the   
   organizations mobile app.    
      
   Furthermore, to stay safe from malware on mobile devices, ensure youre using   
   the best Android antivirus or best iPhone antivirus software.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/millions-at-risk-as-malicious-pdf-files   
   -designed-to-steal-your-data-are-flooding-sms-inboxes-how-to-stay-safe   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426