Zimperium research finds SMishing campaign leveraging carefully crafted PDF files
The campaign is impersonating the USPS
The goal of the campaign is to steal login credentials
Corporate email accounts may be under the watchful eye of different security solutions, but mobile devices aren’t enjoying the same level of protection, experts have warned, as criminals are devising advanced, complex mobile phishing attacks to steal valuable login credentials.
Cybersecurity researchers at Zimperium recently discovered a new campaign using a unique obfuscation technique – they would first build a PDF file, mimicking the United States Postal Service (USPS). The file’s structure is quite complex, the researchers said, as it has a header, body, cross-reference table, and a trailer. The link, which leads to a malicious landing page, is embedded without using the standard /URI tag, which makes detection and forensics somewhat more difficult.
