iPhone and Android devices are being directly targeted in a sophisticated malware campaign. Security experts warn that opening the wrong PDF file could expose users to credential theft and data breaches.
Malicious PDFs
According to a new report from Zimperium, cybercriminals are using advanced techniques to distribute malware through seemingly harmless PDF files. Unlike traditional phishing attempts, these malicious PDFs contain hidden links that evade security checks, making them harder to detect.
Forbes reports that more than 20 infected PDF files and 630 phishing pages have already been identified, forming part of a larger cybercriminal infrastructure that could impact users in over 50 countries.
How the Attack Works
Hackers disguise their malware-laced PDFs as official messages from trusted organizations, such as the United States Postal Service (USPS). But the same tactic can easily be adapted to impersonate banks, delivery services, or other well-known brands.
Instead of using standard /URI tags — which typically reveal embedded links — attackers are using non-standard methods to hide malicious URLs, making them nearly invisible to traditional security software.
Unlike computers, mobile screens are smaller, making it harder for users to inspect files before opening them. Mobile security tools are also often less robust than desktop solutions.
How to Protect Yourself
To avoid falling victim to this dangerous campaign, the tech magazine Trend advises users to follow these precautions:
Never open PDFs from unknown sources – Even if the sender appears legitimate, verify the file before opening it.
Avoid clicking links in text messages – Phishing attempts often disguise malicious links within urgent or official-looking messages.
Stay alert for phishing tactics – Be cautious of messages pressuring you to open attachments or click on links.
Keep your device updated – Make sure your phone’s security software and operating system are up to date.
While PDF phishing attacks are not new, this latest method makes them far more deceptive and harder to detect.
