Millions of people could be affected by phishing PDFs – how to avoid becoming a victim

Researchers have discovered a new phishing campaign that uses malicious PDFs to steal personal information via SMS and email, techradar reports. We tell you the details.

What happened

Researchers from Zimperium have uncovered a new phishing campaign – attackers are using malicious PDF files to steal personal information via SMS and email.

Malicious PDFs contain hidden links that lead to fake websites where attackers steal names, addresses and credit card details. Of particular concern is the method of masking links – instead of standard URLs, graphic overlays are used, which makes it difficult to detect the threat.

It should be noted that mobile devices are particularly vulnerable to such attacks due to their small screen size, which makes it difficult to check the contents of the files. The investigation found more than 20 malicious PDFs and 630 phishing pages targeting people in more than 50 countries.

To protect against such attacks, experts recommend verifying the information from the sender, carefully checking URLs, and avoiding opening links from unknown sources.

Why this is interesting

Microsoft has sued a group of hackers who stole customer credentials and used them to bypass the security mechanisms of its cloud AI products.

In a lawsuit filed in December 2024 in state court Virginia, the company claims that 10 unknown individuals used stolen user credentials to gain access to Azure OpenAI — a platform based on OpenAI technologies. Using the stolen API keys, the attackers created malicious content that violated the service's terms of service.