14 hours Ago
Do not take this risk. The mobile threat landscape is getting worse, with half of all devices unprotected from new attacks and the current trickle of dangerous AI campaigns about to become a tidal wave. And while we’re becoming better conditioned to avoid clicking links, opening office attachments or installing apps, one threat is still slipping the security net.
We’re talking PDFs, which are seen as a safe file type to open on your phone — but they are not. They are now being crafted with embedded risks including masked links and links hidden behind QR codes, and they are easy to cloak with a mimicked brand. The latest warning comes from Zimperium , which has seen a surge in PDF attacks.
While this is true of both email and SMS attachments, the latter is far worse. SMS threats in general “now comprise over two-thirds of observed attack attempts, signifying a critical pivot in threat actor methodology.” Google’s Update Decision—Bad News For 50% Of Android Users And so a PDF attached to an SMS is a double whammy.
In the past year, Zimperium says it has observed “attackers increasingly leveraging PDF attachments delivered via SMS messages because these files can effectively obfuscate malicious content and evade traditional security scans. This tactic exploits the fact that users have become accustomed to and generally trust PDF documents in their daily interactions, and many defense mechanisms may not thoroughly inspect them for embedded threats.” Mobile Threat Report 2025 The team has seen these attacks “frequently leverage well-known brands.
.. to manipulate user trust, compelling victims to click through and initiate the attack.
” That means no PDF regardless of the lure and purported sender ID is guaranteed safe. This is especially true given how easy it is with short-codes to mimic a brand in a text. PDFs win on two counts.
The embedded threats bypass security scans by skipping /URL tags against links, and then the benign nature of a PDF combined with trust in the faked brand solicits clicks. “This evolution signifies a sophisticated attempt to bypass established security measures and capitalize on user familiarity and trust.” We have seen multiple PDF alerts over the last year.
The team warns that “because PDFs are now so ubiquitous...
used extensively for contracts, reports, manuals, invoices, and other critical business communications, users have developed a natural, but dangerous, assumption that all PDF’s are safe. And now, cybercriminals are actively exploiting that false confidence.” Microsoft’s AI Secretly Copies Your WhatsApp, Signal Messages Dangerous PDFs are not new.
There have been multiple warnings in recent years. But the obfuscation tactics are evolving and the rise in smishing kits and maliciously crafted domains for embedded links has reached a new level. Don’t take any chances.
PDFs should be seen as every bit as dangerous as links and office docs..
