Hiding in Plain Sight: How Attackers Use PDF Annotations to Mask Malicious QR Codes

Attackers are exploiting PDF annotations to disguise phishing QR codes, bypassing security and deceiving users. Learn how this sophisticated threat works.
March 4, 2025

Most people wouldn’t think twice about scanning a QR code in a document that appears to be from a trusted service like Docusign—especially when that document also contains links to legitimate domains. But attackers are now leveraging this very assumption to bypass security measures and trick unsuspecting victims.

By embedding strategically placed PDF annotations alongside a phishing QR code, cybercriminals are introducing a new layer of deception. These annotations don’t contain malware or direct phishing links themselves. Instead, they serve as a trust-building mechanism, reinforcing the illusion that the document is safe.

This novel approach makes the attack more convincing to human targets and harder for security tools to detect.

Breaking Down the Annotated QR Code Phishing Attack

The attack begins with a malicious email designed to appear as a notification from Docusign. While we’ve seen a considerable increase in attacks exploiting the actual Docusign platform, this email isn’t sent from an official Docusign address. Further, the email body itself is empty, with the impersonated Docusign content contained within an attached PDF.

[Figure: email header]
[Figure: malicious email]

The subject line and PDF claim the file being shared is related to payroll and benefit information, and the recipient is instructed to scan the embedded QR code to view and sign the document.

However, as with all QR code phishing attacks, should the recipient scan the QR code, they will be redirected to a malicious website designed to steal sensitive information.

What Makes This Attack Unique?

On the surface, this attack presents as simply another QR code phishing attack exploiting the trusted name of Docusign to deceive targets into revealing sensitive information. But digging into the details of the email reveals the true complexity of this threat.

Docusign-themed phishing attacks are typically executed in one of two ways: 1) the threat actor uses the actual Docusign platform to deliver the malicious email, or 2) the threat actor customizes a template and sends the email from a compromised or spoofed address. In both cases, the content sits in the email body itself. In this attack, however, the perpetrators deliver the malicious content in a PDF instead of the email body, which lets them take advantage of PDF annotations.

PDF annotations are interactive elements embedded within PDF documents that serve various legitimate purposes, such as linking to external resources, adding comments, or providing navigation aids. Abuse of PDF annotations has been demonstrated before, notably in the 2021 "Breaking the Specification: PDF Certification" research: the Evil Annotation Attack (EAA) used annotations to inject attacker-controlled content into certified PDFs, and the Sneaky Signature Attack (SSA) used overlays to change a PDF's appearance without invalidating its certification.

In this campaign, however, annotations are not the primary threat; they are employed to lend legitimacy to the actual phishing mechanism, the QR code. Strategically placed on top of the QR code are PDF annotations carrying links to well-known, legitimate destinations: a Docusign URL and a mailto link (e.g., esign@<redacted>.co.uk).

[Figure: link diagram]

While the QR code points to a phishing page built to steal login credentials or other sensitive information, the legitimate annotations make it less likely that automated security checks or cautious recipients flag the PDF as suspicious on first inspection.

The PDF contains two interactive annotations, both reinforcing legitimacy:

  1. Docusign Link: An annotation overlay links to a legitimate Docusign URL, making the document appear authentic.

  2. Mailto Link: Another annotation opens the recipient's mail client with a pre-filled address when clicked, further boosting credibility.

Both appear in the annotation dump below:

% pdf_analysis.py -f Additional_Payroll_and_Benefit_Sheet_ChristmasBenefit <redacted>.pdf
Showing all annotations:
==================== PAGE 1 ====================

Annotation #1:
------------------------------
/Type: /Annot
/Subtype: /Link
/Rect: [206.25, 491.75, 386.25, 503]
/Border: [0, 0, 0]
/A: {'/Type': '/Action', '/S': '/URI', '/URI': 'https://eu.docusign.net/Member/EmailStart.aspx?a=0f4a0415-9abb-4b04-bc4b-5544275b012d&acct=aeee7f4d-70d4-4d42-89ef-0306ed9abffe&er=8107520c-6b9b-4020-a555-599db953348b'}
------------------------------

Annotation #2:
------------------------------
/Type: /Annot
/Subtype: /Link
/Rect: [33, 407.75, 132.75, 419]
/Border: [0, 0, 0]
/A: {'/Type': '/Action', '/S': '/URI', '/URI': 'mailto:esign@<redacted>.co.uk'}

This campaign represents an evolution of quishing tactics, leveraging PDF features in a novel way to introduce multi-layered deception. Unlike earlier annotation abuse, which targets the user directly with harmful links or scripts, the annotations in this attack are not themselves malicious. Rather, they lend the document credibility, making it less likely that a recipient or security system will scrutinize it closely.

Why This Attack Is Difficult to Detect

The presence of recognizable, trusted links makes the document appear authentic, reinforcing the illusion that it is safe. A user opening the PDF and inspecting its contents would see URLs pointing to legitimate services, reducing their skepticism about scanning the QR code. At the same time, these annotations serve as a smokescreen, helping the attack bypass traditional secure email gateways (SEGs), which often analyze links within attachments to assess their safety. Because the annotations contain only legitimate URLs, they divert attention from the malicious QR code that ultimately directs targets to a phishing website.

By embedding these trusted links, attackers exploit both psychological tendencies and security blind spots. Users are more inclined to trust a document containing familiar domains, while SEGs, which primarily focus on scanning document content for known threats, struggle to detect this blended approach. The annotations act as a form of misdirection, allowing the actual phishing mechanism—the QR code—to evade scrutiny.
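The following script is an added example, not the author's pdf_analysis.py, showing the two checks a practitioner would run on a file like this one: list every /Link annotation with its /Rect and /URI (the set of links a gateway that only inspects link annotations would see) and test whether any of those rectangles intersect an image drawn on the page, which is where a QR code lives. It works on raw PDF syntax with regular expressions, decompressing only Flate-encoded content streams, so it is a triage aid rather than a full parser (object streams, hex-encoded strings and rotated images are not handled). SAMPLE_PDF is constructed for this example: it reuses the /Rect values from the dump above, places a 100 pt image named /Im1 at x=240, y=400, and uses placeholder domains except docusign.net.

```python
import re
import zlib

# Constructed sample, not the campaign's file: a minimal uncompressed PDF whose
# page draws a 100x100 pt image /Im1 (standing in for the QR code) at x=240,
# y=400 and carries two /Link annotations with the /Rect values from the dump
# above. Domains other than docusign.net are placeholders; the image object is
# omitted because the scanner never decodes pixels.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]
   /Annots [5 0 R 6 0 R] /Contents 4 0 R >> endobj
4 0 obj << /Length 34 >>
stream
q 100 0 0 100 240 400 cm /Im1 Do Q
endstream
endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [206.25 491.75 386.25 503] /Border [0 0 0]
   /A << /Type /Action /S /URI /URI (https://eu.docusign.net/Member/EmailStart.aspx) >> >>
endobj
6 0 obj << /Type /Annot /Subtype /Link /Rect [33 407.75 132.75 419] /Border [0 0 0]
   /A << /Type /Action /S /URI /URI (mailto:esign@example.co.uk) >> >>
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

NUM = rb"[-+]?\d*\.?\d+"
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.S)
LINK_RE = re.compile(rb"/Subtype\s*/Link")
RECT_RE = re.compile(rb"/Rect\s*\[\s*" + rb"\s+".join([rb"(" + NUM + rb")"] * 4) + rb"\s*\]")
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")  # literal strings only; hex strings not handled
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
DRAW_RE = re.compile(rb"\s+".join([rb"(" + NUM + rb")"] * 6) + rb"\s+cm\s+/(\w+)\s+Do")


def _f(token):
    return float(token.decode())


def link_annotations(pdf):
    """Every /Link annotation with a /URI action: [(object_number, rect, uri)]."""
    found = []
    for num, body in OBJ_RE.findall(pdf):
        if b"/Annot" not in body or not LINK_RE.search(body):
            continue
        rect, uri = RECT_RE.search(body), URI_RE.search(body)
        if rect and uri:
            found.append((int(num), tuple(_f(v) for v in rect.groups()),
                          uri.group(1).decode("latin-1")))
    return found


def image_placements(pdf):
    """[(xobject_name, (x0, y0, x1, y1))] for each 'a b c d e f cm /Name Do' in a
    content stream. Assumes an unrotated matrix: a = width, d = height."""
    boxes = []
    for _, body in OBJ_RE.findall(pdf):
        m = STREAM_RE.search(body)
        if not m:
            continue
        data = m.group(1)
        if b"/FlateDecode" in body[:m.start()]:  # stream dictionary precedes the data
            data = zlib.decompress(data)
        for a, _b, _c, d, e, f, name in DRAW_RE.findall(data):
            x, y = _f(e), _f(f)
            boxes.append((name.decode(), (x, y, x + _f(a), y + _f(d))))
    return boxes


def overlaps(r1, r2):
    """True when two (x0, y0, x1, y1) boxes share any area."""
    return r1[0] < r2[2] and r2[0] < r1[2] and r1[1] < r2[3] and r2[1] < r1[3]


def annotations_over_images(pdf):
    """Map each link annotation's object number to the images its /Rect intersects.
    A link rectangle sitting on an image is the overlay pattern described above."""
    images = image_placements(pdf)
    return {num: [name for name, box in images if overlaps(rect, box)]
            for num, rect, _ in link_annotations(pdf)}


def visible_urls(pdf):
    """The URLs a gateway that only inspects link annotations would see; the QR
    code's destination is never among them."""
    return sorted({uri for _, _, uri in link_annotations(pdf)})


if __name__ == "__main__":
    for num, rect, uri in link_annotations(SAMPLE_PDF):
        print(f"obj {num}: {uri} at {rect}")
    print("images:", image_placements(SAMPLE_PDF))
    print("annotations over images:", annotations_over_images(SAMPLE_PDF))
```

Run against a real sample, the useful signal is the combination: a link annotation whose rectangle lands on an image XObject, and a link list that contains nothing but reputable domains while the page still carries a QR-sized image. Neither fact alone is suspicious; together they match this campaign's layout and are cheap to compute before any QR decoding is attempted.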

QR codes present another detection challenge. Unlike a standard phishing link, the URL inside a QR code has to be extracted from image data before it can be analyzed, which adds a processing step many email scanners skip. Attackers can also route that URL through several redirects, so the first hop reveals little about the final landing page; every hop must be followed to reach the phishing site, which complicates analysis and helps the attack slip past traditional filters.
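To see why a redirect chain complicates analysis, here is an added example (not from the original post or from Abnormal) of a hop-by-hop resolver that follows Location headers one request at a time, joins relative Locations against the current URL, stops on loops and caps the hop count. FAKE_CHAIN and fake_fetch are constructed stand-ins for the network with placeholder hosts; live_fetch is the equivalent over urllib with automatic redirect following disabled, so the caller sees every hop instead of only the final page.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10  # quishing chains are short; anything longer is itself a signal


def resolve_chain(start_url, fetch, max_hops=MAX_HOPS):
    """Follow a redirect chain one hop at a time.

    `fetch(url)` must issue a single request and return (status_code, location)
    without following redirects itself. Returns (hops, final_url, outcome) where
    outcome is 'landed', 'loop' or 'too_many_hops' and `hops` lists every URL
    visited, starting with start_url.
    """
    hops, url, seen = [start_url], start_url, {start_url}
    for _ in range(max_hops):
        code, location = fetch(url)
        if not (300 <= code < 400) or not location:
            return hops, url, "landed"
        url = urljoin(url, location)  # Location may be relative to the current URL
        if url in seen:
            return hops, url, "loop"
        seen.add(url)
        hops.append(url)
    return hops, url, "too_many_hops"


def hosts_crossed(hops):
    """Distinct hostnames in visit order; a reputable first hop followed by an
    unrelated landing host is the pattern to alert on."""
    out = []
    for u in hops:
        h = urlsplit(u).hostname
        if h not in out:
            out.append(h)
    return out


# Constructed chain (placeholder hosts) standing in for a quishing redirect
# sequence: a redirect on a reputable-looking host, a shortener with a relative
# Location, then the credential-harvesting page.
FAKE_CHAIN = {
    "https://trusted.example/r?u=abc": (302, "https://short.example/abc"),
    "https://short.example/abc": (301, "/go/xyz"),
    "https://short.example/go/xyz": (302, "https://login-portal.example.net/auth"),
    "https://login-portal.example.net/auth": (200, None),
}


def fake_fetch(url):
    """Offline stand-in for the network; unknown URLs behave like a 404."""
    return FAKE_CHAIN.get(url, (404, None))


def live_fetch(url, timeout=10):
    """Single GET over urllib with automatic redirect following disabled.
    GET rather than HEAD because phishing kits often refuse HEAD; the body is
    never read."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # urllib then raises HTTPError for the 3xx instead of following

    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location")


if __name__ == "__main__":
    hops, final, outcome = resolve_chain("https://trusted.example/r?u=abc", fake_fetch)
    print(outcome, final)
    print(" -> ".join(hosts_crossed(hops)))
```

Swap fake_fetch for live_fetch to resolve a URL decoded from a real QR code; do that from a sandboxed host, since the request itself tells the operator that the link was scanned.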

Blocking Annotated QR Code Phishing Attacks

This attack underscores a growing trend in cyber threats—the strategic blending of legitimate and malicious elements to evade detection. While traditional security tools focus on scanning attachments for known threats, attackers are innovating ways to manipulate trust and bypass defenses.

Organizations must adopt multi-layered security strategies that go beyond basic link scanning and rule-based detection. AI-powered email security can detect these emerging tactics by analyzing the entire attack chain, recognizing behavioral anomalies, and correlating suspicious signals. This approach helps identify sophisticated phishing attempts before they can cause harm.

For even more insights into the threat landscape and predictions for where it’s headed, download our report, Inbox Under Siege: 5 Email Attacks You Need to Know for 2025.

