MatrixPDF Malware Targets Gmail Users Since Mid-September 2025
A novel malware campaign, MatrixPDF, has been targeting Gmail users since mid-September 2025. The campaign exploits trust in PDF documents and legitimate cloud services like iCloud to evade detection, demonstrating a sophisticated blend of social engineering and scripting abuse.
The campaign begins with emails appearing as internal organizational communications, complete with spoofed sender addresses. Each email contains a PDF attachment named MatrixDoc.pdf, which harbours a malformed object and an embedded JavaScript action. This embedded script uses customized obfuscation techniques to evade static analysis and execute a PowerShell command.
The infection mechanism involves the PDF JavaScript exploiting the API to extract and launch the malicious file, which is disguised as a screensaver. Once active, the secondary payload registers a hidden scheduled task named MatrixUpdater for persistence. The campaign employs the MatrixPDF toolkit to transform normal PDF files into malicious ones; the group behind it has not been explicitly named in the available information.
In summary, the MatrixPDF campaign is a sophisticated threat that combines trust in PDF documents and legitimate cloud services like iCloud with a stealthy infection chain of obfuscated scripts and disguised malicious files. Users are advised to be cautious of unexpected PDF attachments, even from familiar senders.
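For mail gateways and analysts, the embedded JavaScript action described above can be triaged statically. The following is an added example, not code from the campaign or from any named tool: it counts active-content keys in a PDF and resolves the `#xx` name escapes that the PDF format allows, assuming (this is not stated in the reporting) that such escapes are among the obfuscation seen; the sample documents and the quarantine policy are constructed for illustration.

```python
import re

# PDF dictionary keys that introduce scripts, auto-run triggers or launch actions.
ACTIVE_KEYS = ("JS", "JavaScript", "OpenAction", "AA", "Launch", "EmbeddedFile")

# A PDF name is "/" followed by characters up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Resolve #xx hex escapes, so J#61vaScript reads as JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count active-content keys and record which ones were hex-escaped."""
    counts = {key: 0 for key in ACTIVE_KEYS}
    escaped = set()
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:
                escaped.add(name)  # escaping a keyword is itself a red flag
    has_script = counts["JS"] + counts["JavaScript"] > 0
    auto_run = counts["OpenAction"] + counts["AA"] > 0
    # Constructed policy: any script in a mail attachment is held for review.
    verdict = "quarantine" if has_script else "pass"
    return {"counts": counts, "escaped_names": sorted(escaped),
            "auto_run": auto_run, "verdict": verdict}


# Constructed samples (not taken from the campaign).
SAMPLE_ACTIVE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\n"
                 b"endobj\n3 0 obj\n<< /S /J#61vaScript /JS (app.alert(1);) >>\nendobj\n%%EOF\n")
SAMPLE_CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for label, doc in (("active", SAMPLE_ACTIVE), ("clean", SAMPLE_CLEAN)):
        print(label, triage_pdf(doc))
```

The scan reads raw bytes only, so keys inside compressed object streams are not seen; a "pass" here means no active keys in the uncompressed structure, not a clean file.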