A new malicious toolkit named MatrixPDF enables threat actors to transform standard PDF files into interactive phishing lures that evade email security filters. Marketed on cybercrime forums as a tool for penetration testing, it allows attackers to import a PDF and add features like blurred content, fake security prompts, and clickable buttons that redirect to malicious websites. The toolkit can also embed JavaScript to trigger actions upon opening the document or clicking a button.
These deceptive PDFs are designed to bypass protections like those in Gmail, as the platform's scanner does not detect malicious code within the file itself; the harmful content is only loaded when a user clicks the embedded link. While some PDF viewers may warn users about external connection attempts, the social engineering aspect often persuades targets to proceed. Varonis researchers, who discovered the tool, note that its pricing ranges from $400 monthly to $1,500 for an annual license.
To defend against such threats, security experts recommend using AI-powered email security that can analyze PDF structure for suspicious elements like overlays and automatically detonate embedded URLs in a sandboxed environment. This proactive approach is crucial as PDFs remain a common and trusted file format in business communications.
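As an added illustration of the structural check recommended above (this code is not from the article, from Varonis, or from any vendor product), the sketch below scans a PDF's bytes for the action keys behind the lure features described here: scripts wired to open actions and link actions pointing at external URLs. The function names and both sample byte strings are constructed for the example.

```python
import re
import zlib

# Name keys behind the behaviours described above: actions that fire on open
# (/OpenAction, /AA), embedded scripts (/JS, /JavaScript), outbound links (/URI).
KEYS = ("OpenAction", "AA", "JavaScript", "JS", "URI", "Launch", "SubmitForm")

def _unescape_names(data: bytes) -> bytes:
    """Undo #xx escapes in PDF names so /J#61vaScript reads /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def _inflate_streams(data: bytes) -> bytes:
    """Inflate every Flate-compressed stream; object streams can hide actions."""
    out = []
    for m in re.finditer(rb"(?<!end)stream\r?\n(.*?)endstream", data, re.S):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # other filter or encrypted: stays unscanned
    return b"\n".join(out)

def triage_pdf(data: bytes) -> dict:
    """Static pre-filter; it does not replace detonating the extracted URLs."""
    text = _unescape_names(data + b"\n" + _inflate_streams(data))
    counts = {k: len(re.findall(rb"/" + k.encode() + rb"(?![A-Za-z0-9])", text))
              for k in KEYS}
    uris = sorted({u.decode("latin-1")
                   for u in re.findall(rb"/URI\s*\(([^)]*)\)", text)})
    reasons = []
    if (counts["OpenAction"] or counts["AA"]) and (counts["JS"] or counts["JavaScript"]):
        reasons.append("JavaScript wired to an automatic action")
    if uris:
        reasons.append("link action to an external URL")
    if counts["Launch"] or counts["SubmitForm"]:
        reasons.append("launch or form-submit action")
    return {"counts": counts, "uris": uris, "reasons": reasons}

# Constructed sample (not a real MatrixPDF file): open action plus script in
# the clear, link annotation hidden inside a compressed object stream.
_HIDDEN = b"<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://portal.example.invalid/view) >> >>"
SAMPLE = (b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
          b"3 0 obj << /S /J#61vaScript /JS (app.alert\\('Secure document'\\);) >> endobj\n"
          b"5 0 obj << /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(_HIDDEN) + b"\nendstream endobj\n%%EOF\n")
CLEAN = b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    print(triage_pdf(SAMPLE)["reasons"], triage_pdf(SAMPLE)["uris"])
```

The URLs it returns are the ones to hand to a sandbox for detonation, since the file itself carries no payload.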
