- MatrixPDF phishing kit weaponizes PDFs using embedded JavaScript and redirect mechanisms
- It mimics legitimate tools, offering drag-and-drop import, content blurring, and Gmail bypass features
- To stay safe, disable JavaScript, avoid suspicious PDFs, and use advanced email security tools
A new PDF phishing kit is being sold on the dark web, promising customers advanced features, a simple interface, and competitive prices, experts have warned.
Security researchers from Varonis discovered MatrixPDF, an advanced solution advertised as a legitimate tool despite being circulated on the dark web.
Its full name is MatrixPDF: Document Builder - Advanced PDF Phishing with JavaScript Actions. It is advertised as an “elite tool to design realistic simulation PDFs tailored to black teams and cyber security awareness training.”
How to defend
“With drag-and-drop PDF import, real-time preview, and customized security overlays, MatrixPDF delivers professional phishing scenarios,” the ad reads.
“Built-in protections, such as content blur, safe redirection mechanism, metadata encryption, and Gmail bypass, ensure authenticity and reliable delivery in test environments.”
With MatrixPDF, users can add a URL to the PDF to which victims will be redirected.
They can add titles and custom icons, and blur the content to make it look “protected” against non-approved viewers. But its key function is the embedding of JavaScript.
Users can change the JavaScript actions inside the PDF, which are triggered when the file is either opened or clicked. The payload URL specified in advance can then be opened automatically as soon as the file is clicked.
MatrixPDF can also be used to simulate system dialogs and display custom alert messages. All of these things “effectively transform PDF into an interactive lure,” the researchers concluded.
The best way to defend against weaponized PDF files is to avoid clicking prompts in unexpected and unsolicited PDF attachments.
This is especially important if the files have “open secure document” buttons or blurred overlays.
Users can also disable JavaScript in their PDF reader, which blocks embedded scripts, and keep both their email client and PDF reader updated.
Finally, the use of advanced email security tools, such as AI-driven filters, can detect suspicious overlays, hidden links and malicious redirection behavior.
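A static triage check for the embedded-JavaScript and redirect behavior described above, as an added example that is not from the original article or from Varonis. The function names, verdict labels, and sample bytes are constructed for illustration.

```python
import re

# Name objects tied to the behaviour described above: triggers that fire an
# action on open or on events, and the script or link that action runs.
TRIGGERS = {"OpenAction", "AA"}
SCRIPT = {"JavaScript", "JS"}
OTHER = {"URI", "Launch", "SubmitForm"}

NAME_RE = re.compile(rb"/([^\x00\s/<>\[\](){}%]+)")  # one PDF name token
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")            # #xx escape inside a name
STR_RE = re.compile(rb"\s*\(([^)]*)\)")               # literal string operand

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript compares equal to JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count active-content names in raw PDF bytes and extract link targets."""
    names, uris = {}, []
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name in TRIGGERS | SCRIPT | OTHER:
            names[name] = names.get(name, 0) + 1
        if name == "URI":
            target = STR_RE.match(data, m.end())  # only the key form has a string
            if target:
                uris.append(target.group(1).decode("latin-1"))
    scripted = bool(names.keys() & SCRIPT)
    if scripted and names.keys() & TRIGGERS:
        verdict = "quarantine"   # script plus an automatic trigger
    elif scripted or names.keys() & OTHER:
        verdict = "review"       # script or outbound action present
    else:
        verdict = "pass"
    return {"names": names, "uris": uris, "verdict": verdict}

# Constructed sample bytes, not taken from a real kit or a real document.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.alert('constructed sample');) >> endobj\n"
    b"5 0 obj << /Subtype /Link /A << /S /U#52I /URI (https://login.example.test/doc) >> >> endobj\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A raw byte scan cannot see names stored inside compressed object streams, so inflate those streams first or send files containing `/ObjStm` for deeper inspection.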
Via BleepingComputer



