New iPhone, Android Warning: Do Not Open Any Of These PDFs
www.forbes.com
Republished on January 29th as another warning is issued as to the serious dangers in opening these PDFs.

With the mobile threat landscape getting worse, iPhone and Android users have just been warned that a dangerous attack exclusively targeting mobile devices has been caught stealing credentials and sensitive data. You are now at risk from a never-before-seen means of hiding attacks. Not only do you need to avoid this threat, you also need to consider whether you've already been targeted.

The warning comes by way of Zimperium, whose zLabs team has published the full technical detail behind these new attacks. The basics are all you really need to know though. The attackers have crafted PDF files with new techniques that bypass existing security checks, while relying on the ubiquity of such attachments.

The campaign mimics United States Postal Service (USPS) text messages that are sent to mobile devices. But that's the easiest part of this to change. And so you should stop opening PDFs attached to text messages from any well-known brand, unless you're certain they're legitimate.

Because PDFs are now so ubiquitous, used extensively for contracts, reports, manuals, invoices, and other critical business communications, Zimperium warns that users have developed a natural, but dangerous, assumption that all PDFs are safe. And now, cybercriminals are actively exploiting that false confidence. While I would hope that user confidence is already changing, given other PDF attacks over recent months, I fear that Zimperium is probably correct.

[Image: Malicious USPS text message (Zimperium)]

As Zimperium points out, this threat is getting worse. PDFs have become a common vector for phishing attacks, malware, and exploits due to their ability to embed malicious links, scripts, or payloads. And on mobiles, with small screens and masked detail, the problem is worse.
Users often have limited visibility into file contents before opening; these threats can easily bypass traditional security measures.

In PDFs, while links are typically represented using a /URI tag, the attackers worked out that by embedding clickable links without utilizing the standard /URI tag, it became more challenging to extract URLs during [security] analysis. In contrast, the same URLs were detected when the standard /URI tag was used. This highlights the effectiveness of this technique in obscuring malicious URLs.

Zimperium says it has identified more than 20 malicious PDF files and 630 phishing pages with hidden links, indicating a large-scale operation. The campaign appears to be supported by a widespread, malicious infrastructure, which could potentially impact organizations across 50+ countries. This campaign employs a complex and previously unseen technique to hide clickable elements, making it difficult for most endpoint security solutions to properly analyze the hidden links.

Despite its cleverness, the attack itself follows the usual pattern of luring users into clicking a link that takes them to a credential-stealing webpage. It's the link that is masked by the new obfuscation techniques. And that is the common thread.

With perfect timing, that advice (not to open any such PDFs attached to emails or messages purporting to be from well-known brands unless you can absolutely vouch for their authenticity) has been reinforced in the wake of the Zimperium research.

Palo Alto Networks has regularly warned of the dangers of PDF-related phishing attacks, and has done so again. The firm's Unit 42 warns that a new attack, using PDFs linked to phishing pages that impersonate Amazon, has just been found.
Hopefully, the fact we have had two warnings this week should be warning enough for you to be even more vigilant than usual.

These linked phishing attacks ask for personal details and credit card data, Unit 42 says, and the attack uses its own cloaking techniques by redirecting scans and other analysis attempts to benign domains. The attacks follow that same pattern, one link leading to another as users are taken on a journey through a host of domains registered by the attackers. Ultimately, there will be a webpage designed to steal information. The only difference: USPS has been traded for Amazon Prime.

The good news is that the attacks are still relatively easy to spot if you're wary of the attachment and certainly any link within the attachment. If you have clicked through and shared any data, reboot your phone and change any passwords or other account data you shared. If that means stopping credit cards, then do that.

To put that into perspective, Palo Alto Networks has reported that inside a year we noticed a dramatic 1,160% increase in malicious PDF files from 411,800 malicious files to 5,224,056. PDF files are an enticing phishing vector as they are cross-platform and allow attackers to engage with users, making their schemes more believable as opposed to a text-based email with just a plain link.

The catch? That report was published in 2020. PDF phishing attacks are not new, and have been skyrocketing in recent years. What's interesting here is the combination of the new link-hiding techniques and the focus on mobile devices. Staying safe, though, remains the same. You must not click links or open attachments in text messages. Almost all of them are dangerous.
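
To illustrate the extraction gap described in the /URI passage above, this added Python example (not from the article, Zimperium or Unit 42) compares the URLs a PDF declares through /URI actions with every URL-like string found in the raw file and in Flate-decoded streams. The sample bytes and `.example` domains are constructed, and placing a URL inside a compressed stream is an assumed stand-in for "a link not declared via /URI", not the campaign's actual method.

```python
import re
import zlib

# URLs declared the standard way: /URI (literal string) inside a link action.
URI_ACTION = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Any http(s) URL-looking run of bytes, wherever it appears.
URL_TEXT = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&'*+,;=%-]+")
# Body of each stream object.
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def decoded_views(pdf: bytes):
    """Yield the raw file, then every stream body that inflates with zlib."""
    yield pdf
    for m in STREAM.finditer(pdf):
        try:
            # decompressobj tolerates a stream whose final byte was trimmed.
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data; the raw view already covers it


def audit_links(pdf: bytes) -> dict:
    """Split URLs into those declared via /URI and those found only as text."""
    declared, seen = set(), set()
    for view in decoded_views(pdf):
        declared.update(m.group(1).decode("latin-1") for m in URI_ACTION.finditer(view))
        seen.update(m.group(0).decode("latin-1") for m in URL_TEXT.finditer(view))
    return {"declared": sorted(declared), "undeclared": sorted(seen - declared)}


def build_sample() -> bytes:
    """Constructed, PDF-shaped bytes for the demo (not a complete PDF)."""
    text = b"BT (Track your parcel: https://parcel-update.example/confirm) Tj ET"
    body = zlib.compress(text)
    head = (
        b"%PDF-1.7\n"
        b"1 0 obj << /Type /Annot /Subtype /Link "
        b"/A << /S /URI /URI (https://carrier.example/help) >> >> endobj\n"
        b"2 0 obj << /Filter /FlateDecode /Length "
    )
    tail = b"\nendstream endobj\n%%EOF\n"
    return head + str(len(body)).encode() + b" >>\nstream\n" + body + tail


if __name__ == "__main__":
    report = audit_links(build_sample())
    print("declared via /URI:", report["declared"])
    print("URL text with no /URI entry:", report["undeclared"])
```

A non-empty `undeclared` list is a triage signal rather than a verdict, and the check does not cover hex-encoded /URI strings or stream filters other than Flate.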