All news with #malicious pdf tag

Beware of threats lurking in booby-trapped PDF files

📄 PDF files are a ubiquitous, convenient format that cybercriminals increasingly abuse as lures, with ESET telemetry placing PDFs among the top malicious attachment types. Attack techniques include embedded scripts, hidden links, malformed objects that exploit reader vulnerabilities, and files that merely masquerade as .pdf while actually being executables or archives. Verify sender context, enable Protected View or sandboxing, consider disabling JavaScript in your PDF reader, and scan or sandbox suspicious attachments before opening; when in doubt, confirm via a separate channel.

New MatrixPDF Phishing Technique Targets Gmail Users

📄 Researchers at Varonis have identified a sophisticated phishing toolkit called MatrixPDF that embeds prompts, JavaScript, and external redirects inside seemingly legitimate PDF files to target Gmail users. Attackers exploit Gmail's preview and desktop PDF readers: a blurred preview displays a prompt to 'open secure document' that directs victims to external payloads, while embedded scripts can fetch malware if a user grants permission. Because the malicious content is only retrieved after user interaction, Gmail's automated scanners and attachment sandboxes can be bypassed. Security experts recommend stronger webmail controls, robust attachment sandboxing, endpoint detection, and frequent, realistic user awareness training.