Phishing Campaign Baits Hook With Malicious Amazon PDFsPhishing Campaign Baits Hook With Malicious Amazon PDFs
In their discovery, researchers found 31 PDF files linking to these phishing websites, none of which have been yet submitted to VirusTotal.
January 28, 2025

NEWS BRIEF
Researchers are highlighting the rise of a new phishing tactic: a campaign that uses PDF documents to trick victims by announcing expired Amazon Prime memberships.
Users are targeted by email and, after clicking on the PDFs, are taken to pages that impersonate Amazon, where they are urged to input their personal details and credit card information.
The researchers at Palo Alto Networks Unit42 who discovered the campaign have collected 31 PDF files with links to these phishing sites, none of which had been submitted to VirusTotal.
The chain of events in the phishing attack begins with the email containing the PDF attachment. Once clicking on the link from the PDF, the victim is redirected from the initial URL to subdomains of duckdns[.]org that host the phishing website.
"These phishing websites use cloaking to redirect scans and other analysis attempts to benign domains," the researchers wrote. These domains for most of the initial and intermediate staging URLs are hosted on the same IP address.
There are four initial links used in the campaign that potential victims should be wary of:
hxxps[:]//redirjhmxnasmdhuewfmkxchbnvjxfasdfasd.duckdns[.]org/XOZLaMh
hxxps[:]//redixajcdkashdufzxcsfgfasd.duckdns[.]org/CCq8SKn
hxxps[:]//zmehiasdhg7uw.redirectme[.]net/xn28lGa
hxxps[:]//rediahxjasdusgasdzxcsdefwgasdgasdasdzxdz.duckdns[.]org/agungggg1298w862847
"The initial attack vector, where users are beguiled into opening an email attachment containing a PDF file, is a stark reminder of the importance of remaining vigilant of emails," Javvad Malik, lead security awareness advocate at KnowBe4, wrote in an emailed statement. "Emails still remain the most popular attack avenue for phishing, so it's important that people have the right education and tools at their disposal to be able to effectively identify and report any suspicious activity."
Read more about:
News BriefsAbout the Author
You May Also Like
Securing the Remote Workforce
Feb 20, 2025Emerging Technologies and Their Impact on CISO Strategies
Feb 25, 2025How CISOs Navigate the Regulatory and Compliance Maze
Feb 26, 2025Where Does Outsourcing Make Sense for Your Organization?
Feb 27, 2025Shift Left: Integrating Security into the Software Development Lifecycle
Mar 5, 2025