Hidden in Plain Sight: PDF Mishing Attack
· Published 27/01/2025 20:08 · Modified 27/01/2025 20:43
Essential information
- Published: 27/01/2025 20:08
- Modified: 27/01/2025 20:43
- Tags: 2025-01-27, credential-theft, pdf, phishing
- Related entities: 200 observables, 9 techniques (mitre), 1 others
Description
A sophisticated phishing campaign targeting mobile devices has been discovered, impersonating the United States Postal Service (USPS). The campaign uses a novel obfuscation technique in PDF files to hide malicious links, making detection difficult for many security solutions. The attack exploits users' trust in PDF documents and leverages advanced social engineering tactics. The malicious PDFs contain hidden, clickable elements that redirect users to phishing pages designed to steal personal and financial information. The campaign's infrastructure includes over 20 malicious PDF files, 630 phishing pages, and potential impact across 50+ countries. The attackers use multilingual support and encryption techniques to expand their reach and protect their operations.
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Observables (200)
Techniques (MITRE) (9)
Others (1)
- United States of America