Cybersecurity researchers at Varonis have discovered two new plug-and-play cybercrime toolkits, MatrixPDF and SpamGPT. Learn how these AI-powered tools make mass phishing and PDF malware accessible to anyone, redefining online security risks. A trend lately observed in the world of cybercrime is the demand for user-friendly, plug-and-play tools that let people with little technical know-how launch major attacks. Two such platforms have been reported by the end-to-end data security provider Varonis, which shared its findings with Hackread.com.
MatrixPDF - One of the new tools, called MatrixPDF, takes an ordinary PDF (Portable Document Format) file and turns it into a malicious one, in effect a fully functioning piece of malware. PDF files are generally trusted and can easily evade normal email security checks, like those in Gmail.
However, MatrixPDF lets attackers add malicious features to a legitimate PDF file, such as blurry content overlays and fake prompts that say “Open Secure Document.”
MatrixPDF builder and Malicious PDF with blurred content (Image credit: Varonis)
When a victim opens the file and clicks the prompt, the harmless-looking document can start stealing sensitive data, such as login details, or install a harmful payload. This works because the file carries only small scripts and an external link, which lets it pass initial email scans.
In other scenarios, the document may use scripts to automatically connect to a malicious site when opened in a desktop reader, relying on the user to carelessly click “Allow” on a security pop-up to begin a download.
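The two delivery paths described above, a clickable prompt backed by an external link and a script that fires when the document is opened, both leave traces in the PDF's object structure. The following static triage script is an added example written for this page; it is not code from Varonis or from the MatrixPDF builder. It scans raw PDF bytes for the name objects that give a document active behaviour (OpenAction, JavaScript, URI, Launch and similar), decodes the `#XX` hex escapes that readers accept in names, and applies a simple rule: an auto-run action combined with a script or external link gets quarantined. Both sample documents, `BENIGN_PDF` and `LURE_PDF`, are constructed inline for the demonstration and are not real malware.

```python
"""Static triage of PDF files for active content (added example, not Varonis code).

Scans raw PDF bytes for the name objects that make a document "active": an
action that runs on open, embedded JavaScript, external URI or Launch actions.
The sample PDFs below are constructed for the demonstration.
"""
import re

# PDF name objects worth flagging. Presence alone is not proof of malice
# (forms and ordinary hyperlinks use some of them), but an OpenAction paired
# with a script or an external URI is the lure pattern worth quarantining.
RISKY_NAMES = {
    "OpenAction": "action executed automatically when the file is opened",
    "AA": "additional actions (page open, mouse events, form triggers)",
    "JavaScript": "embedded JavaScript",
    "JS": "embedded JavaScript (short form)",
    "URI": "link to an external URL",
    "Launch": "launches an external program or file",
    "SubmitForm": "sends form data to a remote server",
    "EmbeddedFile": "file attachment inside the PDF",
}


def _decode_name(raw: bytes) -> str:
    """Decode PDF name escapes: readers treat /J#53 as /JS, so a scanner must too."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Return a mapping of risky name -> number of occurrences in the bytes."""
    findings = {}
    for m in re.finditer(rb"/([A-Za-z0-9#]+)", data):
        name = _decode_name(m.group(1))
        if name in RISKY_NAMES:
            findings[name] = findings.get(name, 0) + 1
    return findings


def verdict(findings: dict) -> str:
    """Triage rule: auto-run trigger plus script/external action => quarantine."""
    auto = "OpenAction" in findings or "AA" in findings
    payload = any(k in findings for k in ("JavaScript", "JS", "URI", "Launch", "SubmitForm"))
    if auto and payload:
        return "quarantine"
    if findings:
        return "review"
    return "clean"


# Constructed samples: a minimal benign PDF, and one whose catalog carries an
# OpenAction pointing at a JavaScript action (with the /JS key hex-escaped)
# plus a link annotation to an external URI. Neither is a real malicious file.
BENIGN_PDF = (
    b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
LURE_PDF = (
    b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] >> endobj\n"
    b"4 0 obj << /S /JavaScript /J#53 (app.alert('Open Secure Document')) >> endobj\n"
    b"5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.invalid/open) >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_PDF), ("lure", LURE_PDF)):
        found = scan_pdf(doc)
        print(f"{label}: {verdict(found)} {found}")
```

Run against the two samples it reports `clean` for the first and `quarantine` for the second, with the escaped `/J#53` counted as `JS`. Scanning for names in the raw bytes is deliberately cheap so it can sit in front of a mail gateway; compressed object streams would need to be inflated first before the same rule is applied.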
SpamGPT - Varonis researchers identified another tool, SpamGPT, which is marketed as an all-in-one spam-as-a-service platform. The system uses AI (artificial intelligence), specifically an AI assistant called ‘KaliGPT,’ to make mass email campaigns extremely effective.
This platform lets even newbie attackers quickly set up and run large phishing campaigns using its AI assistant to write effective scam emails. It copies the look and feel of professional marketing dashboards, allowing operators to manage campaigns, track results, and check if an email lands in the inbox or the spam folder.
SpamGPT’s AI-powered dashboard and SpamGPT’s official advertisement (Image credit: Varonis)
More importantly, the toolkit doesn’t just send bulk email; it is fine-tuned for deliverability, abusing trusted cloud services like Amazon AWS so that its messages appear to be legitimate mail.
It also automates “inbox placement tests” to check whether messages bypass filters before the attack is launched, the researchers explained. The platform additionally provides training on how to acquire compromised email servers and supports spoofing of sender identities, lowering the technical barrier for criminals to run large-scale operations.
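Mail sent through trusted cloud infrastructure can pass SPF for the sending service's domain while still impersonating a different domain in the visible From: header. The receiving-side check for that is DMARC alignment. The script below is an added example for this page, not code from Varonis or from SpamGPT; it parses the Authentication-Results header (RFC 8601) that a receiving mail server stamps on each message, reads the SPF, DKIM and DMARC verdicts, and compares the From: domain with the Return-Path domain. The two messages are constructed samples, and `mx.example.net` is an assumed name for the receiving host.

```python
"""Inbound mail triage for sender spoofing (added example, not Varonis code).

Reads the Authentication-Results header a receiving MTA adds, extracts the
spf/dkim/dmarc verdicts, and checks that the visible From: domain aligns with
the envelope sender. Messages below are constructed samples.
"""
import re
from email import message_from_string
from email.utils import parseaddr


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address header, '' if none."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def parse_auth_results(value: str) -> dict:
    """Extract spf/dkim/dmarc verdicts from an Authentication-Results value."""
    results = {}
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
        results[method.lower()] = result.lower()
    return results


def triage(raw: str) -> dict:
    """Flag a message whose authentication failed or whose sender domains disagree."""
    msg = message_from_string(raw)
    from_dom = _domain(msg.get("From", ""))
    ret_dom = _domain(msg.get("Return-Path", ""))
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    reasons = []
    for method in ("dmarc", "spf", "dkim"):
        if auth.get(method) != "pass":
            reasons.append(f"{method}={auth.get(method, 'none')}")
    # Relaxed alignment: Return-Path domain must equal the From domain or be a
    # subdomain of it. A pass for some other domain is exactly the cloud-relay case.
    aligned = ret_dom == from_dom or ret_dom.endswith("." + from_dom)
    if from_dom and ret_dom and not aligned:
        reasons.append(f"from={from_dom} vs return-path={ret_dom}")
    return {
        "from_domain": from_dom,
        "return_path_domain": ret_dom,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


# Constructed sample: authenticated and aligned mail from example.com.
LEGIT_MSG = """\
Return-Path: <bounce@example.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Accounts <billing@example.com>
To: user@example.net
Subject: Invoice

Please find the invoice attached.
"""

# Constructed sample: SPF passes for the relay's own domain, but the From:
# header claims example.com, DKIM is absent and DMARC fails.
SPOOFED_MSG = """\
Return-Path: <bulk@mailer.example.org>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailer.example.org; dkim=none; dmarc=fail header.from=example.com
From: "Accounts" <billing@example.com>
To: user@example.net
Subject: Open Secure Document

Your document is waiting.
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT_MSG), ("spoofed", SPOOFED_MSG)):
        print(label, triage(raw))
```

The legitimate sample comes back with no reasons; the spoofed one is flagged on the DMARC failure, the missing DKIM signature and the mismatch between `example.com` and `mailer.example.org`. The alignment check is the part that catches relays which pass SPF on their own behalf, which is why a `dmarc=fail` should be weighted above an isolated `spf=pass`.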
It is worth noting that while malicious alternatives to ChatGPT, like FraudGPT and WormGPT, are already out there, the emergence of these platforms signals a new era of risk. Varonis researcher Daniel Kelley points out that “these powerful next-gen plug-and-play tools require little know-how and become especially potent when combined.”
These findings may redefine online security, making AI-powered email security solutions a necessity: such solutions inspect links for malicious intent and open attachments in a safe virtual environment (a cloud sandbox) to uncover hidden malicious actions. To stay safe, never click “Open Secure Document” in an unexpected file preview, and always enable multi-factor authentication.
This article is shared with permission at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122