Malicious PDFs

What are Malicious PDFs?

Portable Document Format (PDF) files were once considered to be immune to viruses, but PDF documents have evolved to incorporate more components that can make them vulnerable to viruses and other malicious content. These are a few PDF features and associations that can have underlying vulnerabilities:

Multimedia content. PDF documents that contain multimedia content such as Adobe Flash, video, or audio can be compromised by malware embedded within the multimedia files. This technique is referred to as a Trojan Horse, which is a method of hiding an attack within something that appears harmless. If you click on a malicious link within a PDF document, your machine may become infected, or you could be tricked into revealing information that can be used to impersonate and/or scam you.

JavaScript. The JavaScript programming language is used to create dynamic elements and graphics on websites. Cyberattackers can use JavaScript to exploit vulnerabilities in specific PDF readers to initiate malware. One possible area of vulnerability in a PDF is the “fill and sign” function, where users can display the current date, add print buttons, format data, and perform calculations. Cyberattackers could add malicious code to these scripts, and PDF readers could then run the infected code.

System commands. A PDF file could contain malicious code that instructs your computer to execute a command that will launch malware that can compromise your system.

Malware disguised as PDF. In a phishing cyberattack, the cyberattacker could pose as someone you know and email you a file that appears to be a PDF but is instead a file intended to steal your personal information or infect your machine with malware. Another form of malware disguised as a PDF is the fake ebook: it appears to be a book or document with a free download link, but, once downloaded, a link a few pages in directs the user to click to obtain the rest of the document. Instead, the user is directed to a paid site or downloads a virus.

There are many steps that you can take to avoid malicious PDF content:

  • Use antivirus software that scans PDF documents for viruses
  • Update your PDF readers
  • Disable JavaScript in your PDF reader
  • Use your browser’s PDF reader
  • Do not open email attachments from unknown senders
  • Do not open emails or click on links from your contacts if you were not expecting them
  • Do not download ebooks or documents from unknown sources
  • Use a virtual machine
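
As a complement to antivirus scanning, the features listed above can be checked for statically before a file is ever opened. The following is an added example, not part of the original article: it confirms the file really starts with a PDF header and counts the PDF name keys associated with JavaScript, automatic actions, command launching, rich media and embedded files. The function names, the key list (a chosen subset) and the sample bytes are assumptions constructed for illustration.

```python
import re

# PDF name keys tied to the features described above (a chosen subset).
RISKY_NAMES = {
    "JavaScript": "embedded JavaScript",
    "JS": "embedded JavaScript",
    "OpenAction": "action run when the document opens",
    "AA": "additional automatic actions",
    "Launch": "launches an external command or program",
    "RichMedia": "Flash or other rich media",
    "EmbeddedFile": "embedded file attachment",
}

NAME_RE = re.compile(rb"/([A-Za-z0-9#]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, which PDF allows inside names (/J#61vaScript)."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Return header status and counts of risky names found in raw PDF bytes."""
    # Some readers accept the header anywhere in the first 1024 bytes.
    is_pdf = b"%PDF-" in data[:1024]
    counts = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in RISKY_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return {"is_pdf": is_pdf, "risky": counts}


# Constructed sample inputs (harmless placeholders, not real malware).
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n"
    b"3 0 obj << /S /Launch /F (placeholder) >> endobj\n"
    b"%%EOF\n"
)
FAKE_PDF = b"MZ\x90\x00 constructed bytes for a file named invoice.pdf.exe"

if __name__ == "__main__":
    for label, blob in (("sample.pdf", SAMPLE_PDF), ("fake.pdf", FAKE_PDF)):
        print(label, triage_pdf(blob))
```

A result with no risky names is not proof of safety: names stored inside compressed object streams are not visible to a raw byte scan, so treat this as a first filter ahead of antivirus scanning or opening the file in a virtual machine.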