
A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email protection and redirect victims to credential theft pages or malware downloads.
The new tool was spotted by Varonis researchers, who told BleepingComputer that MatrixPDF was first seen on a cybercrime forum. The seller also uses Telegram as a means of interacting with buyers.
The developer of MatrixPDF promotes the tool as a phishing simulation and blackteaming tool. However, Varonis researcher Daniel Kelley told BleepingComputer that it was first seen offered on cybercrime forums.
“MatrixPDF: Document Builder – Advanced PDF Phishing with JavaScript Actions is an elite tool for crafting realistic phishing simulation PDFs tailored for black teams and cybersecurity awareness training,” reads an advertisement shared with BleepingComputer.
“With drag-and-drop PDF import, real-time preview, and customizable security overlays, MatrixPDF delivers professional-grade phishing scenarios.”
“Built-in protections like content blur, secure redirect mechanism, metadata encryption, and Gmail bypass ensure authenticity and reliable delivery in testing environments.”
The tool is offered under various pricing plans, ranging from $400 per month to $1,500 for the whole year.

MatrixPDF phishing toolkit
A new report by Varonis says that the MatrixPDF builder enables attackers to upload a legitimate PDF as a lure and then add malicious features, such as blurred content, fake “Secure Document” prompts, and clickable overlays that point to an external payload URL.

MatrixPDF can also embed JavaScript actions that are triggered when the user opens a document or when the victim clicks a button. This JavaScript will try to open a website or perform other malicious tasks.
The blurred content feature enables threat actors to create PDFs that appear to contain protected, blurred content and include an “Open Secure Document” button. Clicking on the document opens a website that can be used to host phishing pages or distribute malware.
A test by Varonis demonstrates how a malicious PDF could be sent to a Gmail account, bypassing the phishing filter. This is because the generated PDF does not contain malicious binaries, only external links.
“Gmail’s PDF viewer does not execute PDF JavaScript, but allows clickable links/annotations,” explains Varonis.
“Thus, the attacker’s PDF is crafted so that the button press only opens an external site in the user’s browser. This clever design works around Gmail’s security: any malware scan of the PDF itself finds nothing, and the real malicious content is fetched only once the user clicks, which is seen as a user-initiated request.”
Another demonstration shows how the malicious PDF attempts to open an external site. This feature is somewhat limited, as modern PDF viewers will alert the user that the PDF is trying to connect to a remote site.
Varonis warns that PDFs are a popular vehicle for phishing attacks as they are commonly used, and email platforms can display them without any warnings.
The company says that AI-powered email security, which analyzes the PDF structure, detects blurred overlays and fake prompts, and detonates embedded URLs in a sandbox, can help block these files from reaching the target inbox.
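A rough version of the structural analysis mentioned above, as an added example that is not code from Varonis, BleepingComputer or the toolkit: a byte-level triage pass that counts the PDF action keywords behind open/click triggers, JavaScript and external links, and lists the link targets for sandboxing. The function names, flag labels and the sample document are assumptions constructed for illustration.

```python
import re
import zlib

# PDF name tokens behind the behaviours described above: auto-run triggers,
# JavaScript actions, and link/launch actions that leave the document.
KEYS = (b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/URI", b"/Launch")

def _decode_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names, e.g. /J#61vaScript -> /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def _inflate_streams(data: bytes) -> bytes:
    """Inflate Flate streams so actions inside object streams are searchable."""
    out = []
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-encoded (or encrypted): nothing to search
    return b"\n".join(out)

def triage_pdf(data: bytes) -> dict:
    """Count action keywords, list external link targets, derive triage flags."""
    body = _decode_names(data + b"\n" + _inflate_streams(data))
    counts = {k.decode(): len(re.findall(re.escape(k) + rb"(?![A-Za-z0-9])", body))
              for k in KEYS}
    urls = sorted({u.decode("latin-1")
                   for u in re.findall(rb"/URI\s*\(([^)]*)\)", body)})
    flags = []
    if counts["/JavaScript"] or counts["/JS"]:
        flags.append("embedded-javascript")
    if (counts["/OpenAction"] or counts["/AA"]) and (flags or urls):
        flags.append("auto-triggered-action")
    if urls:
        flags.append("external-link")
    return {"counts": counts, "urls": urls, "flags": flags}

# Constructed sample (not a real MatrixPDF file): three objects only.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Subtype /Link /A << /S /URI /URI (https://payload.example/login) >> >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (constructed placeholder) >> endobj\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

Keyword counts alone do not prove malice, since many legitimate PDFs carry links; the flags are a reason to route the extracted URLs to a sandbox, not a verdict.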


