Enterprise users know by now that they shouldn’t click on suspicious-looking links or download strange files. But what about innocuous, ever-present PDFs? Researchers at security company Varonis have uncovered a crafty new Gmail phishing attack that not only masquerades as a PDF attachment, but automatically prompts victims to open it. The MatrixPDF toolkit fools victims by using blurred content and overlays, and embeds JavaScript to bypass filters and fetch malicious payloads without user ...
