Categories: Cybersecurity Academy InfoSec News

Analyzing Phishing Attacks that use malicious PDFs

Published by
RiSec.n0tst3

Analyzing Phishing attacks

Every day everybody receives many phishing attacks with malicious docs or PDFs. I decided to take a look at one of these files. I did a static analysis and I went straight to the point to make this reading simple and fast.

Here is the received email as it was from the Caixa Economica Federal bank, but we can see the sender uses Gmail services and a strange name.

I verified this e-mail header using MXtoolbox, and we can see the IP used by the sender (attacker).

Below is the reputation of the IP used by the attacker.

We can see this IP has a lot of mentions about malicious activities.

I downloaded this file in my VPS (Kali Linux) and used peepdf to do an analysis of the file structure, and I found 2 URIs in objects 3 and 5.

After I checked objects 3 and 5 using pdf-parser, I discovered a malicious URL in the 3.

I did a check about this URL in VirusTotal and it had a malicious reputation.

When I opened the file in the Kali, we could see it had an original logo of the bank and a button to click that will direct me to an URL.

When I clicked in this button the URL hxxp://cefonlineencaminha[.]z13[.[]web[.]core[.]windows[.]net redirect to another URL ms[.]meuappavisos[.]com

I checked the URL reputation, and it has a lot of mentions about it.

In conclusion, it’s essential to take care and attention to each detail when you open this kind of email because you can put your machine in a dangerous situation, have your data exfiltrated, be hacked and etc.

Tools used during the analysis:

source

You may also enjoy reading, CVEs You May Have Missed While Log4J Stole The Headlines

Got to Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmark Close
Social Comments Box
Connect
Share the word, let's increase Cybersecurity Awareness as we know it

This post was last modified on 13 February 2022 4:46 PM

RiSec.n0tst3

Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

Leave a Comment
Published by
RiSec.n0tst3
Tags: abuseipdb Analyzing Phishing attacks cyber security cybersecurity datasecurity exploit infosecurity linux phishing

Recent Posts

  • Data Breach News
  • InfoSec News

WH Smith Announces Cyber-Attack: Employee Data Stolen

British high street chain WH Smith has recently revealed that it was hit by a…

2 years ago
  • InfoSec News
  • World Affairs

Voice ID: How Secure is it Really?

As banks worldwide roll out Voice ID as a means of user authentication over the…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

What distinguishes Application Security from API Security?

In the era of digital transformation, cybersecurity has become a major concern for businesses. When…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

The Top 5 Cybersecurity threats facing Businesses Today

In today's digital age, cybersecurity threats have become a significant concern for businesses of all…

2 years ago
  • InfoSec News
  • World Affairs

Enterprise users infected by RIG Exploit Kit thanks to Internet Explorer

The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…

2 years ago
  • Cybersecurity Academy

The Rise and Rise of AI

One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…

2 years ago