This new phishing kit turns PDF files into malware - here's how to stay safe
Regular PDF files can now easily be weaponized, experts warn

- MatrixPDF phishing kit weaponizes PDFs using embedded JavaScript and redirect mechanisms
- It mimics legitimate tools, offering drag-and-drop import, content blur, and Gmail bypass features
- To stay safe, disable JavaScript, avoid suspicious PDFs, and use advanced email security tools
A new PDF phishing kit is being sold on the dark web, promising customers advanced features, a simple interface, and competitive pricing, experts have warned.
Security researchers from Varonis spotted MatrixPDF, an advanced solution being advertised as a legitimate tool, despite being circulated around the dark web.
Its full name is MatrixPDF: Document Builder - Advanced PDF Phishing with JavaScript Actions. It is being advertised as an “elite tool for crafting realistic simulation PDFs tailored for black teams and cybersecurity awareness training.”
How to defend
“With drag-and-drop PDF import, real-time preview, and customizable security overlays, MatrixPDF delivers professional-grade phishing scenarios,” the ad reads.
“Built-in protections - such as content blur, secure redirect mechanism, metadata encryption, and Gmail bypass - ensure authenticity and reliable delivery in testing environments.”
With MatrixPDF, users can add a URL to the PDF, to which the victims will be redirected.
They can add titles, custom icons, and blur the content to look like it is “protected” against unauthenticated viewers. But its key feature is embedding JavaScript.
Users can toggle on JavaScript actions inside the PDF, which are triggered when the file is either opened or clicked. The payload URL, specified beforehand, can then be opened automatically, as soon as the file is clicked.
MatrixPDF can also be used to simulate system dialogs and display custom alert messages. All these things “effectively turn the PDF into an interactive lure,” the researchers concluded.
The best way to defend against weaponized PDF files is to avoid clicking prompts in unexpected and unsolicited PDF attachments.
This is especially important if the files have “Open Secure Document” buttons or blurred overlays.
Users can also disable JavaScript in their PDF reader, which blocks embedded scripts, and should keep both their email client and PDF reader up to date.
Finally, advanced email security tools, such as AI-powered filters, can detect suspicious overlays, hidden links, and malicious redirect behaviors.
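For defenders who want to check attachments themselves, the following is an added example, not code from Varonis or from the original article. It is a minimal Python triage that counts the PDF name tokens behind the behaviors described above (embedded scripts, actions that fire on open or click, outbound links) and decodes hex-escaped names that would otherwise hide them. The sample bytes are constructed and the verdict policy is an assumption.

```python
import re

# PDF name tokens behind the behaviours described above.
SUSPICIOUS_NAMES = {
    "/JavaScript": "embedded script",
    "/JS": "embedded script",
    "/OpenAction": "action fired when the file is opened",
    "/AA": "additional actions fired on page or field events",
    "/URI": "link to an external URL",
    "/Launch": "starts an external program",
}
# A name runs from "/" to the next PDF whitespace or delimiter character.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so /J#61vaScript is read as /JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count suspicious names in raw PDF bytes (compressed streams are not inflated)."""
    counts = {}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name in SUSPICIOUS_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts

def verdict(counts: dict) -> str:
    """Assumed policy: script plus an automatic trigger is held, either alone is reviewed."""
    has_script = "/JavaScript" in counts or "/JS" in counts
    has_trigger = "/OpenAction" in counts or "/AA" in counts
    if has_script and has_trigger:
        return "quarantine"
    if has_script or has_trigger or "/Launch" in counts:
        return "review"
    return "pass"

# Constructed sample bytes, not taken from a real lure.
SAMPLE_LURE = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (app.alert('constructed sample');) >>\nendobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("lure", SAMPLE_LURE), ("plain", SAMPLE_PLAIN)):
        found = triage_pdf(blob)
        print(label, verdict(found), found)
```

A hit is a reason to route the file for review rather than proof of malice, and names stored inside compressed object streams are not seen by this scan.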
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.