Clickbait PDFs, an Entry Point for Multiple Web-Based Attacks

Researchers studied the infrastructure behind clickbait PDF attacks by analyzing a large dataset of real-world PDFs to identify clickbait ones and their linked infrastructure. They found that attackers use various hosting types, including object storage, website hosting, and CDNs.

The attackers exploit vulnerabilities in outdated software components to upload malicious PDFs. The researchers also investigated mitigation strategies and notified hosting providers about the malicious PDFs. While this takedown effort had positive results initially, most providers didn’t address the underlying vulnerabilities, allowing attackers to upload new clickbait PDFs soon after.

Figure: The interconnections between clickbait PDFs

Clickbait PDFs are malicious PDFs that use SEO techniques to rank highly in search results and lead users to phishing attacks. The authors investigate the infrastructure that supports these clickbait PDFs through four research questions:

(1) what types of hosting services are used;
(2) how attackers upload the PDFs;
(3) how long the PDFs stay online and how many there are; and
(4) how effective it is to report the abuse to the hosting providers.

To answer these questions, they create two datasets of clickbait PDFs, one for initial analysis and one for real-time monitoring. They also compare their work to a previous study and highlight their contributions, which include a larger dataset, a new way to track active clickbait PDFs, and a machine learning model for data analysis.

Figure: Grape modules and I/O data connections.

Source: GBHackers

 

