Hiding in Plain Sight: How Attackers Use PDF Annotations to Mask Malicious QR Codes
Most people wouldn’t think twice about scanning a QR code in a document that appears to be from a trusted service like Docusign—especially when that document also contains links to legitimate domains. But attackers are now leveraging this very assumption to bypass security measures and trick unsuspecting victims.
By embedding strategically placed PDF annotations alongside a phishing QR code, cybercriminals are introducing a new layer of deception. These annotations don’t contain malware or direct phishing links themselves. Instead, they serve as a trust-building mechanism, reinforcing the illusion that the document is safe.
This novel approach makes the attack more convincing to human targets and harder for security tools to detect.
Breaking Down the Annotated QR Code Phishing Attack
The attack begins with a malicious email designed to appear as a notification from Docusign. While we’ve seen a considerable increase in attacks exploiting the actual Docusign platform, this email isn’t sent from an official Docusign address. Further, the email body itself is empty, with the impersonated Docusign content contained within an attached PDF.


The subject line and PDF claim the file being shared is related to payroll and benefit information, and the recipient is instructed to scan the embedded QR code to view and sign the document.
However, as with all QR code phishing attacks, should the recipient scan the QR code, they will be redirected to a malicious website designed to steal sensitive information.
What Makes This Attack Unique?
On the surface, this attack presents as simply another QR code phishing attack exploiting the trusted name of Docusign to deceive targets into revealing sensitive information. But digging into the details of the email reveals the true complexity of this threat.
Docusign-themed phishing attacks are typically executed in one of two ways: 1) the threat actor uses the actual Docusign platform to deliver the malicious email, or 2) the threat actor customizes a template and sends the email from a compromised or spoofed address. In both cases, the content is embedded in the email body itself. In this attack, however, the perpetrators deliver the malicious content in a PDF instead of inserting it into the email body—allowing them to take advantage of PDF annotations.
PDF annotations are interactive elements embedded within PDF documents that serve various legitimate purposes, such as linking to external resources, adding comments, or providing navigation aids. Attackers have exploited PDF annotations for malicious purposes in the past, such as the Evil Annotation Attack (EAA), which used annotations to inject malicious content into certified PDFs. Similarly, Sneaky Signature Attacks (SSA) used overlays to manipulate a PDF’s appearance without invalidating its certification.
In this campaign, however, annotations are not the primary threat but are cleverly employed to legitimize the actual phishing mechanism—the QR code. Strategically placed on top of the QR code is a PDF annotation, which includes legitimate links to well-known entities, such as Docusign and a mailto link (e.g., esign@<redacted>.co.uk).

While the QR code is linked to a phishing page designed to steal login credentials or other sensitive information, the legitimate annotations ensure that both automated security checks and cautious recipients do not immediately flag the PDF as suspicious.
The PDF contains two interactive annotations, both reinforcing legitimacy:
Docusign Link: An annotation overlay links to a legitimate Docusign URL, making the document appear authentic.
Mailto Link: Another annotation auto-populates an email address when clicked, further boosting credibility.
These can be seen in the code below:
% pdf_analysis.py -f Additional_Payroll_and_Benefit_Sheet_ChristmasBenefit <redacted>.pdf
Showing all annotations:
==================== PAGE 1 ====================
Annotation #1:
------------------------------
/Type: /Annot
/Subtype: /Link
/Rect: [206.25, 491.75, 386.25, 503]
/Border: [0, 0, 0]
/A: {'/Type': '/Action', '/S': '/URI', '/URI': 'https://eu.docusign.net/Member/EmailStart.aspx?a=0f4a0415-9abb-4b04-bc4b-5544275b012d&acct=aeee7f4d-70d4-4d42-89ef-0306ed9abffe&er=8107520c-6b9b-4020-a555-599db953348b'}
------------------------------
Annotation #2:
------------------------------
/Type: /Annot
/Subtype: /Link
/Rect: [33, 407.75, 132.75, 419]
/Border: [0, 0, 0]
/A: {'/Type': '/Action', '/S': '/URI', '/URI': 'mailto:esign@<redacted>.co.uk'}
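As an added defender-side example (this is not the post's pdf_analysis.py or any vendor code), the stdlib-only Python below scans an uncompressed PDF for /Link annotations and flags any whose clickable /Rect overlaps an image drawn on the page, which is the overlay placement described above. The PDF bytes are constructed for the example, the first annotation reuses the /Rect of Annotation #1 from the output above, and the mailto address is a placeholder.

```python
import re
# Constructed sample, not the campaign's file: an uncompressed PDF fragment (no
# xref), enough for this regex scan. A 180x180 pt image sits where a QR code
# would be; the first /Link reuses the /Rect of Annotation #1 shown above.
SAMPLE_PDF = b"""%PDF-1.4
3 0 obj << /Type /Page /Resources << /XObject << /Im1 5 0 R >> >>
 /Contents 4 0 R /Annots [6 0 R 7 0 R] >> endobj
4 0 obj << /Length 36 >> stream
q 180 0 0 180 206 400 cm /Im1 Do Q
endstream endobj
5 0 obj << /Type /XObject /Subtype /Image /Width 1 /Height 1
 /ColorSpace /DeviceGray /BitsPerComponent 8 /Length 1 >> stream
\x00
endstream endobj
6 0 obj << /Type /Annot /Subtype /Link /Rect [206.25 491.75 386.25 503]
 /A << /S /URI /URI (https://eu.docusign.net/) >> >> endobj
7 0 obj << /Type /Annot /Subtype /Link /Rect [33 407.75 132.75 419]
 /A << /S /URI /URI (mailto:esign@redacted.example) >> >> endobj
%%EOF"""

OBJ_RE = re.compile(rb"(\d+) 0 obj(.*?)endobj", re.S)
# "a b c d e f cm /Name Do": an XObject positioned by a matrix, then drawn.
CM_DO_RE = re.compile(rb"([\d.\-]+) ([\d.\-]+) ([\d.\-]+) ([\d.\-]+) "
                      rb"([\d.\-]+) ([\d.\-]+) cm\s*/(\w+) Do")

def link_annotations(pdf):
    """Return (uri, (x0, y0, x1, y1)) for each /Link annotation with a /URI."""
    found = []
    for _, body in OBJ_RE.findall(pdf):
        rect = re.search(rb"/Rect \[([^\]]+)\]", body)
        uri = re.search(rb"/URI \(([^)]*)\)", body)
        if b"/Subtype /Link" in body and rect and uri:
            found.append((uri.group(1).decode(),
                          tuple(float(v) for v in rect.group(1).split())))
    return found

def image_placements(pdf):
    """Return (xobject_name, bbox) per drawn XObject. Assumes an axis-aligned
    matrix (b = c = 0); a full scanner would also confirm /Subtype /Image."""
    return [(n.decode(), (float(e), float(f), float(e) + float(a), float(f) + float(d)))
            for a, _b, _c, d, e, f, n in CM_DO_RE.findall(pdf)]

def overlaps(r1, r2):  # both as (x0, y0, x1, y1) with x0 < x1, y0 < y1
    return r1[0] < r2[2] and r2[0] < r1[2] and r1[1] < r2[3] and r2[1] < r1[3]

def annotations_over_images(pdf):
    """Flag link annotations whose clickable /Rect covers a drawn image: the
    legitimate-link-over-the-QR-code overlay described in this campaign."""
    return [(uri, name) for uri, rect in link_annotations(pdf)
            for name, box in image_placements(pdf) if overlaps(rect, box)]
```

On the sample, only the Docusign link is flagged: its rectangle sits on the image, while the mailto annotation lies to the left of it and is reported as an ordinary link.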
This campaign represents an evolution of quishing tactics, leveraging PDF features in a novel way to introduce multi-layered deception. Unlike traditional annotation exploits, which target the user directly with harmful links or scripts, the annotations in this attack are not malicious. Rather, they lend the document an appearance of trustworthiness, making it less likely that a recipient or security system will scrutinize it closely.
Why This Attack Is Difficult to Detect
The presence of recognizable, trusted links makes the document appear authentic, reinforcing the illusion that it is safe. A user opening the PDF and inspecting its contents would see URLs pointing to legitimate services, reducing their skepticism about scanning the QR code. At the same time, these annotations serve as a smokescreen, helping the attack bypass traditional secure email gateways (SEGs), which often analyze links within attachments to assess their safety. Because the annotations contain only legitimate URLs, they divert attention from the malicious QR code that ultimately directs targets to a phishing website.
By embedding these trusted links, attackers exploit both psychological tendencies and security blind spots. Users are more inclined to trust a document containing familiar domains, while SEGs, which primarily focus on scanning document content for known threats, struggle to detect this blended approach. The annotations act as a form of misdirection, allowing the actual phishing mechanism—the QR code—to evade scrutiny.
QR codes present another detection challenge. Unlike standard phishing links, QR codes require additional processing to extract the embedded URL, making automated scanning more complex. Additionally, attackers can further hinder detection by placing multiple redirections behind the QR code's URL, which complicates analysis and allows them to evade traditional security filters.
Blocking Annotated QR Code Phishing Attacks
This attack underscores a growing trend in cyber threats—the strategic blending of legitimate and malicious elements to evade detection. While traditional security tools focus on scanning attachments for known threats, attackers are innovating ways to manipulate trust and bypass defenses.
Organizations must adopt multi-layered security strategies that go beyond basic link scanning and rule-based detection. AI-powered email security can detect these emerging tactics by analyzing the entire attack chain, recognizing behavioral anomalies, and correlating suspicious signals. This approach ensures that even the most sophisticated phishing attempts are identified and stopped before they can cause harm.
For even more insights into the threat landscape and predictions for where it’s headed, download our report, Inbox Under Siege: 5 Email Attacks You Need to Know for 2025.