These PDF files should be avoided. Data on iOS and Android systems is stolen by a new electronic scam
A new report from cybersecurity firm Zimperium has warned of an attack campaign that uses PDF files as a tool to steal data from iOS and Android users. The malicious documents contain hidden links that redirect to fraudulent pages without being detected by security systems. According to the research, the threat has already affected devices in more than 50 countries, allowing attackers to steal credentials and other sensitive information.
The report stated that cybercriminals are distributing these files via fraudulent text messages that appear to come from legitimate sources. The danger of this campaign lies in the technique used to hide links within the document. In legitimate PDF files, addresses are often identified by the /URI tag, which allows security systems to detect malicious links. However, attackers have found a way to insert hidden links without this tag, making them more difficult to detect and allowing the scam to go unnoticed.
According to the research, the attackers used this technique to distribute at least 20 malicious PDF files and more than 630 phishing pages, with the amount of activity indicating a large-scale operation. Moreover, some of these files are not only intended to steal crcredentialsut may also contain spyware or Trojans capable of granting remote access to the infected device.
This type of cyberattack is not isolated. In this regard, Microsoft Edge recently implemented new features to prevent this and other cyber scams, as cybercriminals become more sophisticated in evading detection.
Smartphones have become a prime target for attackers due to their widespread use for making payments, storing personal information, and accessing online services. However, many users trust PDF files to be safe, making it easy for them to fall for such scams without questioning their authenticity.
- How to protect yourself from these attacks
To reduce the risk of falling victim to this cyber scam, security experts recommend the following:
- Avoid opening PDF files received via SMS or from unknown senders.
- Disable automatic file downloading in messaging apps.
- Enable two-step authentication on all accounts.
- Always check links before clicking on them, even in PDF files.
- Make sure to update your security software to detect malicious files.
It is essential to be vigilant and always check the source of any document before opening it. The best protection remains caution, common sesense,nd the use of modern security tools to mitigate risks.