Sunday, May 25, 2025
HomeCyber Security NewsHackers Mimic USPS To Deliver Malicious PDF In Attack Targeted Mobile Devices

Hackers Mimic USPS To Deliver Malicious PDF In Attack Targeted Mobile Devices

Published on

SIEM as a Service

Follow Us on Google News

In a detailed analysis published on January 27, 2025, Zimperium’s zLabs team uncovered a sophisticated phishing campaign targeting mobile devices through malicious PDF files.

Disguised as communications from the United States Postal Service (USPS), this campaign employs advanced social engineering and obfuscation tactics to steal user credentials and sensitive data.

The campaign reportedly spans more than 50 countries, underscoring the global scale of the threat.

- Advertisement - Google News

PDF, a widely used enterprise file format, has become an unexpected avenue for cyberattacks due to its perceived safety.

Structure of the PDF
Structure of the PDF

Often considered immutable and trustworthy, PDF files are now exploited by attackers embedding malicious links and scripts.

Mobile devices, with their limited capacity to offer document previews and analyze embedded links, are particularly vulnerable.

Without robust on-device protections, enterprises risk exposing sensitive data to such threats.

Are you from SOC/DFIR Teams? - Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free

Innovative Techniques in Obfuscation

Zimperium’s research uncovered over 20 malicious PDF files and 630 phishing pages linked to the campaign.

A novel deployment method was identified in the PDF files, where clickable elements were obscured by not using the conventional /URI tag for web links.

This deliberate choice allowed attackers to bypass detection mechanisms in many endpoint security solutions, while the same URLs embedded with standard tags were flagged as malicious.

Form to steal card info from the victim
Form to steal card info from the victim

The PDFs operated within a hierarchical structure of objects catalogs, pages, fonts, and external objects (XObjects) to create hidden links.

By employing deceptive attributes such as white text and layering clickable buttons over hidden elements, the attackers effectively obfuscated their actions within the files.

On select platforms like Chrome and macOS Preview, these tactics rendered the hidden links clickable, leading users to phishing websites.

The campaign further included a USPS-themed landing page designed to extract personal and payment information.

The data, encrypted using the Rabbit stream cipher, was transmitted to an attacker-controlled server while stored locally on the victim’s browser.

Multilingual support observed in the phishing pages suggests the use of a phishing kit capable of targeting users worldwide.

Zimperium highlights the efficacy of its Mobile Threat Defense (MTD) solutions in addressing such evolving threats.

Utilizing on-device AI-based detection, Zimperium’s solutions identify malicious PDFs and phishing links in real-time, even in offline environments.

This approach ensures privacy by conducting all analysis locally on the device, eliminating the need to upload sensitive content to the cloud.

By combining zero-day threat detection with robust AI algorithms, Zimperium empowers enterprises to safeguard sensitive data and workflows from PDF-based phishing campaigns and advanced exploit techniques.

The findings reinforce the importance of adopting sophisticated on-device defenses in combating the rapidly evolving landscape of mobile-based cyber threats.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...