{ "name": "Hidden in Plain Sight: PDF Mishing Attack", "slug": "hidden-in-plain-sight-pdf-mishing-attack", "description": "A sophisticated phishing campaign targeting mobile devices has been discovered, impersonating the United States Postal Service (USPS). The campaign uses a novel obfuscation technique in PDF files to hide malicious links, making detection difficult for many security solutions. The attack exploits users' trust in PDF documents and leverages advanced social engineering tactics. The malicious PDFs contain hidden, clickable elements that redirect users to phishing pages designed to steal personal and financial information. The campaign's infrastructure includes over 20 malicious PDF files, 630 phishing pages, and potential impact across 50+ countries. The attackers use multilingual support and encryption techniques to expand their reach and protect their operations.", "published": "2025-01-27T19:08:47+00:00", "created_at": "2025-01-27T19:08:47+00:00", "modified_at": "2025-01-27T19:43:39+00:00", "created_at_opencti": "2025-01-27T19:08:47+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2025-01-27", "credential-theft", "pdf", "phishing" ], "related_entities": { "observables": [ { "id": "", "name": "usps.usps.com-parcelvd.vip" }, { "id": "", "name": "usps.usps.com-parcelvc.vip" }, { "id": "", "name": "usps.usps.com-parcelvb.vip" }, { "id": "", "name": "usps.usps.com-parcelva.vip" }, { "id": "", "name": "usps.usps.com-parcelbd.vip" }, { "id": "", "name": "usps.usps.com-parcelbc.vip" }, { "id": "", "name": "usps.usps.com-parcelbb.vip" }, { "id": "", "name": "usps.usps.com-parcelba.vip" }, { "id": "", "name": "usps.usps.com-parcelad.vip" }, { "id": "", "name": "usps.usps.com-parcelac.vip" }, { "id": "", "name": "usps.usps.com-parcelab.vip" }, { "id": "", "name": "usps.usps.com-parcelaa.vip" }, { "id": "", "name": "usps.com-yngunzua.vip" }, { "id": "", "name": "usps.com-trackzyn.top" }, { "id": "", "name": "usps.com-trackzyi.top" }, { "id": "", "name": "usps.com-trackzty.top" }, { "id": "", "name": "usps.com-trackzss.top" }, { "id": "", "name": "usps.com-trackzrs.top" }, { "id": "", "name": "usps.com-trackzrg.top" }, { "id": "", "name": "usps.com-trackzpc.top" }, { "id": "", "name": "usps.com-trackzku.top" }, { "id": "", "name": "usps.com-trackziy.top" }, { "id": "", "name": "usps.com-trackzfm.top" }, { "id": "", "name": "usps.com-trackzdm.vip" }, { "id": "", "name": "usps.com-trackzcg.top" }, { "id": "", "name": "usps.com-trackzce.top" }, { "id": "", "name": "usps.com-trackyzp.top" }, { "id": "", "name": "usps.com-trackyzdd.vip" }, { "id": "", "name": "usps.com-trackyzdc.vip" }, { "id": "", "name": "usps.com-trackyzdb.vip" }, { "id": "", "name": "usps.com-trackyzda.vip" }, { "id": "", "name": "usps.com-trackyuzd.vip" }, { "id": "", "name": "usps.com-trackyuzc.vip" }, { "id": "", "name": "usps.com-trackyuzb.vip" }, { "id": "", "name": "usps.com-trackyuza.vip" }, { "id": "", "name": "usps.com-trackyux.vip" }, { "id": "", "name": "usps.com-trackypr.top" }, { "id": "", "name": "usps.com-trackyka.vip" }, { "id": "", "name": "usps.com-trackyka.top" }, { "id": "", "name": "usps.com-trackycc.top" }, { "id": "", "name": "usps.com-trackyaa.top" }, { "id": "", "name": "usps.com-trackyap.vip" }, { "id": "", "name": "usps.com-trackwyi.top" }, { "id": "", "name": "usps.com-trackwsr.top" }, { "id": "", "name": "usps.com-trackvttd.vip" }, { "id": "", "name": "usps.com-trackvttc.vip" }, { "id": "", "name": "usps.com-trackvtta.vip" }, { "id": "", "name": "usps.com-trackvttb.vip" }, { "id": "", "name": "usps.com-trackutg.top" }, { "id": "", "name": "usps.com-trackuri.top" }, { "id": "", "name": "usps.com-trackupy.top" }, { "id": "", "name": "usps.com-trackuhh.top" }, { "id": "", "name": "usps.com-trackudz.top" }, { "id": "", "name": "usps.com-trackudj.top" }, { "id": "", "name": "usps.com-trackuch.top" }, { "id": "", "name": "usps.com-trackuam.vip" }, { "id": "", "name": "usps.com-trackuaf.top" }, { "id": "", "name": "usps.com-tracktzx.vip" }, { "id": "", "name": "usps.com-tracktyn.top" }, { "id": "", "name": "usps.com-tracktzs.top" }, { "id": "", "name": "usps.com-tracktrn.top" }, { "id": "", "name": "usps.com-tracktrg.vip" }, { "id": "", "name": "usps.com-tracktqt.vip" }, { "id": "", "name": "usps.com-tracktly.vip" }, { "id": "", "name": "usps.com-tracktha.top" }, { "id": "", "name": "usps.com-tracktgq.vip" }, { "id": "", "name": "usps.com-tracktek.top" }, { "id": "", "name": "usps.com-tracktee.vip" }, { "id": "", "name": "usps.com-tracktdj.vip" }, { "id": "", "name": "usps.com-tracktcy.top" }, { "id": "", "name": "usps.com-tracktbz.vip" }, { "id": "", "name": "usps.com-tracktbx.vip" }, { "id": "", "name": "usps.com-tracktbv.vip" }, { "id": "", "name": "usps.com-trackszs.top" }, { "id": "", "name": "usps.com-trackszk.top" }, { "id": "", "name": "usps.com-tracksuz.top" }, { "id": "", "name": "usps.com-tracksue.top" }, { "id": "", "name": "usps.com-trackstf.top" }, { "id": "", "name": "usps.com-tracksjf.top" }, { "id": "", "name": "usps.com-trackshg.top" }, { "id": "", "name": "usps.com-tracksfy.top" }, { "id": "", "name": "usps.com-trackscp.vip" }, { "id": "", "name": "usps.com-tracksag.top" }, { "id": "", "name": "usps.com-trackryy.top" }, { "id": "", "name": "usps.com-trackrrd.top" }, { "id": "", "name": "usps.com-trackrkd.top" }, { "id": "", "name": "usps.com-trackrfk.vip" }, { "id": "", "name": "usps.com-trackpzs.top" }, { "id": "", "name": "usps.com-trackpze.top" }, { "id": "", "name": "usps.com-trackpyy.top" }, { "id": "", "name": "usps.com-trackpoq.vip" }, { "id": "", "name": "usps.com-trackpnh.top" }, { "id": "", "name": "usps.com-trackpme.top" }, { "id": "", "name": "usps.com-trackpkz.vip" }, { "id": "", "name": "usps.com-trackpak.top" }, { "id": "", "name": "usps.com-trackpah.top" }, { "id": "", "name": "usps.com-trackoao.top" }, { "id": "", "name": "usps.com-tracknyt.top" }, { "id": "", "name": "usps.com-tracknzc.top" }, { "id": "", "name": "usps.com-tracknyd.top" }, { "id": "", "name": "usps.com-trackmsa.top" }, { "id": "", "name": "usps.com-tracknvx.vip" }, { "id": "", "name": "usps.com-trackmll.top" }, { "id": "", "name": "usps.com-trackmgd.top" }, { "id": "", "name": "usps.com-trackmkn.top" }, { "id": "", "name": "usps.com-trackmeh.top" }, { "id": "", "name": "usps.com-trackmaf.top" }, { "id": "", "name": "usps.com-trackkrz.top" }, { "id": "", "name": "usps.com-trackkgs.vip" }, { "id": "", "name": "usps.com-trackkdk.vip" }, { "id": "", "name": "usps.com-trackjzn.top" }, { "id": "", "name": "usps.com-trackjtc.top" }, { "id": "", "name": "usps.com-trackjrt.top" }, { "id": "", "name": "usps.com-trackjpu.top" }, { "id": "", "name": "usps.com-trackjpp.top" }, { "id": "", "name": "usps.com-trackihj.top" }, { "id": "", "name": "usps.com-trackjfz.top" }, { "id": "", "name": "usps.com-trackhpu.top" }, { "id": "", "name": "usps.com-trackgym.top" }, { "id": "", "name": "usps.com-trackgum.top" }, { "id": "", "name": "usps.com-trackgse.top" }, { "id": "", "name": "usps.com-trackgns.vip" }, { "id": "", "name": "usps.com-trackgem.vip" }, { "id": "", "name": "usps.com-trackgkh.top" }, { "id": "", "name": "usps.com-trackgde.top" }, { "id": "", "name": "usps.com-trackgas.top" }, { "id": "", "name": "usps.com-trackgcj.top" }, { "id": "", "name": "usps.com-trackfzj.top" }, { "id": "", "name": "usps.com-trackfty.top" }, { "id": "", "name": "usps.com-trackfmh.top" }, { "id": "", "name": "usps.com-trackfjk.top" }, { "id": "", "name": "usps.com-trackfed.top" }, { "id": "", "name": "usps.com-trackffk.top" }, { "id": "", "name": "usps.com-tracketf.top" }, { "id": "", "name": "usps.com-trackere.top" }, { "id": "", "name": "usps.com-tracketd.top" }, { "id": "", "name": "usps.com-trackepz.top" }, { "id": "", "name": "usps.com-trackemf.top" }, { "id": "", "name": "usps.com-trackeni.top" }, { "id": "", "name": "usps.com-trackegh.top" }, { "id": "", "name": "usps.com-trackeej.top" }, { "id": "", "name": "usps.com-trackear.top" }, { "id": "", "name": "usps.com-trackdza.top" }, { "id": "", "name": "usps.com-trackdyu.top" }, { "id": "", "name": "usps.com-trackdre.vip" }, { "id": "", "name": "usps.com-trackdjh.top" }, { "id": "", "name": "usps.com-trackdaz.top" }, { "id": "", "name": "usps.com-trackcgp.top" }, { "id": "", "name": "usps.com-trackced.top" }, { "id": "", "name": "usps.com-trackbvd.top" }, { "id": "", "name": "usps.com-trackazy.top" }, { "id": "", "name": "usps.com-trackayt.top" }, { "id": "", "name": "usps.com-trackayre.vip" }, { "id": "", "name": "usps.com-trackayrc.vip" }, { "id": "", "name": "usps.com-trackaszd.vip" }, { "id": "", "name": "usps.com-trackaszc.vip" }, { "id": "", "name": "usps.com-trackaszb.vip" }, { "id": "", "name": "usps.com-trackasza.vip" }, { "id": "", "name": "usps.com-trackamr.top" }, { "id": "", "name": "usps.com-trackana.top" }, { "id": "", "name": "usps.com-trackajc.top" }, { "id": "", "name": "usps.com-trackahm.top" }, { "id": "", "name": "usps.com-trackags.top" }, { "id": "", "name": "usps.com-trackaez.vip" }, { "id": "", "name": "usps.com-trackacz.top" }, { "id": "", "name": "usps.com-trackacd.top" }, { "id": "", "name": "usps.com-trackaau.top" }, { "id": "", "name": "usps.com-tayrzptm.vip" }, { "id": "", "name": "usps.com-parcelytsbd.vip" }, { "id": "", "name": "usps.com-parcelytsbc.vip" }, { "id": "", "name": "usps.com-parcelytsbb.vip" }, { "id": "", "name": "usps.com-parcelytsba.vip" }, { "id": "", "name": "usps.com-parcelyjrrd.vip" }, { "id": "", "name": "usps.com-parcelyjrrc.vip" }, { "id": "", "name": "usps.com-parcelyjrrb.vip" }, { "id": "", "name": "usps.com-parcelyjrra.vip" }, { "id": "", "name": "usps.com-parcelyatrd.vip" }, { "id": "", "name": "usps.com-parcelyatrc.vip" }, { "id": "", "name": "usps.com-parcelyatrb.vip" }, { "id": "", "name": "usps.com-parcelyatra.vip" }, { "id": "", "name": "usps.com-parcelxxiod.vip" }, { "id": "", "name": "usps.com-parcelxxioc.vip" }, { "id": "", "name": "usps.com-parcelxxiob.vip" }, { "id": "", "name": "usps.com-parcelxxioa.vip" }, { "id": "", "name": "usps.com-parceluwqenj.vip" }, { "id": "", "name": "usps.com-parceluwqeni.vip" }, { "id": "", "name": "usps.com-parceluwqenh.vip" }, { "id": "", "name": "usps.com-parceluwqeng.vip" }, { "id": "", "name": "usps.com-parceluwqenf.vip" }, { "id": "", "name": "usps.com-parceluwqene.vip" }, { "id": "", "name": "usps.com-parceluwqend.vip" }, { "id": "", "name": "usps.com-parceluwqenc.vip" }, { "id": "", "name": "usps.com-parceluwqenb.vip" }, { "id": "", "name": "usps.com-parceluwqena.vip" }, { "id": "", "name": "usps.com-parcelurzj.vip" }, { "id": "", "name": "usps.com-parcelurzi.vip" }, { "id": "", "name": "usps.com-parcelurzh.vip" }, { "id": "", "name": "usps.com-parcelurzg.vip" }, { "id": "", "name": "usps.com-parcelurzf.vip" }, { "id": "", "name": "usps.com-parcelurze.vip" } ], "attack_patterns": [ { "id": "e684b1cc-3ebf-4679-bd3c-c5e540a60a5d", "name": "T1056.004" }, { "id": "6f00068c-812c-4e2b-9100-2cfa86b3aed9", "name": "T1132.001" }, { "id": "9322d33b-00c1-4f99-9f1a-a33d93c0dac2", "name": "T1059.007" }, { "id": "7d7ac733-6442-416f-8669-c302dd0843b9", "name": "T1036" }, { "id": "50514c04-b3a2-4abf-a855-e3a434200c87", "name": "T1204" }, { "id": "0c836307-129e-4ff7-a532-180c633cacba", "name": "T1027" }, { "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d", "name": "T1566" }, { "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62", "name": "T1190" }, { "id": "9f11a241-9abc-4c57-95dd-33955ab08826", "name": "T1078" } ], "others": [ { "id": "", "name": "United States of America" } ] }, "external_refs": [ "https://www.zimperium.com/blog/hidden-in-plain-sight-pdf-mishing-attack/", "https://otx.alienvault.com/pulse/6797e7cf00d753298a379df8" ] }