Are PDF files common in malicious campaigns?
When it comes to conveniently exchanging electronic documents, PDF files are hard to beat. They represent one of the most common file formats used in nearly all industries. However, the popularity of PDF files makes them easily recognizable to nearly anyone going online.
That familiarity and sense of safety help convince phishing targets to download and open PDFs. Researchers have reported multiple malware examples exploiting PDFs:
- A Java-based RAT named StrRAT used PDF files in its malware campaign to infect users. The malware was after the passwords and bank information victims saved on their devices.
- A keylogger called Snake spread via malicious emails containing PDF attachments that embedded Word documents.
- Lazarus email campaigns targeted users with macOS malware in dangerous PDF files disguised as crypto-based job offers.
How can PDFs have viruses?
Hackers can manipulate PDF documents to taint devices with various viruses. Additionally, PDF can be the preferred file format for phishing campaigns when Word or Excel files seem less natural. For instance, PDFs are much more common for invoices or documents featuring payment information.
PDFs are also powerful: they can interact with remote sites, feature embedded files, or launch local applications. Furthermore, PDFs can have clickable URLs and JavaScript. JavaScript can customize PDF files, but it also opens the door to structures that trigger malicious behavior.
In the case of StrRAT, the downloaded PDF would contact a malicious domain and then download malware or its variants like scareware. The Snake infection showcased different behavior: file embedding. If targets downloaded the tainted Snake PDF and opened it, they were prompted to open .docx documents.
What damage can PDF viruses do?
The consequences of downloading and opening a PDF file depend on the type of infection it spreads. Generally, opening a malicious PDF file can initiate any kind of behavior set up by hackers.
The most common outcomes include theft of information such as credentials or financial details. A malicious PDF can also let hackers spread additional malware by creating backdoors. So, an infected PDF file can cause many issues, from data theft to ransomware.
Malware hidden within ebooks
Pirated ebooks are common bait hackers use to lure book lovers into their traps. While legitimate distributors might initiate scans or checkups of uploaded content, guaranteeing foolproof safety is impossible.
Before downloading classic novels or going for more contemporary fiction, check that your download does not violate copyright laws. Then, remember that criminals could taint ebook PDFs with malware and scripts, severely compromising devices.
How to defend against malicious PDFs
Protect your devices from malicious documents by following these recommendations.
Do not download unknown PDF files
Due to the dynamic features of the PDF format, you can never know what activities such files can initiate. So, make it a rule never to download unknown PDF files. For instance, random emails with PDF attachments could originate from malicious senders.
However, fully avoiding PDFs is not a realistic option. Thanks to the format's universal capabilities, you will likely encounter PDFs on various occasions. Therefore, you need to learn how to verify PDF file safety.
Update your software
Vulnerabilities in PDF readers and other software can facilitate the arrival of malware. Therefore, keeping all programs running their latest versions reduces the chances of getting infected.
Disable JavaScript in PDF documents
Turning off JavaScript in PDF readers is appropriate for dealing with code execution attacks. So, if you download a PDF designed to run malicious scripts, this code should not be able to run. Of course, it might not be a long-term solution, as JavaScript might be necessary for trusted PDFs.
Use a trustworthy PDF reader
Many PDF readers exist, but be sure to use one that comes from trusted sources. Additionally, it should receive frequent updates to combat vulnerabilities.
PDF viruses could exploit software flaws to run malware, create backdoors, or steal data. A well-managed and updated application is much more resistant to such exploits.
Scan the file for malware
You can separate malicious PDFs from harmless files by scanning them with antivirus programs.
Even infected PDF documents are unlikely to cause issues until you open them. Therefore, you can take a suspected PDF and use your antivirus software to check its safety status before opening it.
However, file-scanning software does not always work as users would expect. Since it is possible to conceal PDF file components, scanners might miss certain red flags of malicious behavior. So, if you encounter a suspicious PDF file or Office document, it is better not to download it at all.
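As an added example (not from the original article), the Python sketch below triages a PDF without opening it: it counts the name keys behind the features described earlier (JavaScript, actions on open, application launch, embedded files, URLs) and flags keys written with hex escapes, one simple way components get concealed. The function names and the sample bytes are constructed for illustration.

```python
import re

# Name keys tied to the active PDF features discussed in this article.
RISKY_KEYS = {
    "JS": "JavaScript action",
    "JavaScript": "JavaScript action",
    "OpenAction": "action run when the document opens",
    "AA": "additional (event-triggered) actions",
    "Launch": "launches a local application",
    "EmbeddedFile": "embedded file stream",
    "URI": "link to a remote site",
}
NAME_RE = re.compile(rb"/([A-Za-z0-9#_.\-]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, which PDF allows inside names (/J#53 == /JS)."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky name keys in raw PDF bytes; flag ones written with hex escapes."""
    # Limitation: keys inside compressed object streams are not visible here.
    report = {}
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in RISKY_KEYS:
            entry = report.setdefault(name, {"count": 0, "obfuscated": 0})
            entry["count"] += 1
            if b"#" in raw:
                entry["obfuscated"] += 1
    return report


# Constructed sample: a minimal PDF-like byte string, not a real document.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R /Pages 3 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /J#53 (placeholder) >> endobj\n"
    b"4 0 obj << /Type /Annot /A << /S /URI /URI (https://example.invalid/) >> >> endobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    for key, info in sorted(triage_pdf(SAMPLE).items()):
        print(f"/{key}: {info['count']} ({info['obfuscated']} hex-escaped) - {RISKY_KEYS[key]}")
```

A hit is a reason to look closer, not proof of malice: many legitimate PDFs contain links or form scripts, while a hex-escaped /JS or /JavaScript key is rarely seen in documents produced by ordinary authoring tools.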