When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.

The uniqueness of the attack is seen in the URL, which comes with an embedded XObject.

This allows the crooks to turn it into a clickable button.

Close up of a business person using a smartphone.

SMS messages and PDF files

The attack starts with an SMS message, instead of an email.

This information is ultimatelyencryptedand relayed to the attacker-owned C2 server.