Can a PDF infect your computer?
Mantra Team
PDF for malware delivery
PDF for malware delivery
PDF for malware delivery
The PDF format, created by Adobe in 1993, is one of the most used document formats in the world.
By certain estimates, there are more than 2 billion PDFs opened each year in Microsoft Outlook only.
But is this format safe? Can hackers exploit it to compromise your endpoint? And what protection measures can a company enact?
Here’s a little overview of the question.
What contributes to the security of the PDF format
The PDF format (for Portable Document File) has some characteristics that contribute to its security, when compared for example with Word documents or ISO files…
- Not an executable: This is obvious, but a PDF is not an executable file, and therefore represents less of a risk compared to .exe files or .iso files that can be mounted and transformed into an executable file
- More difficult to edit: Compared with files like Word (.docx) or Pages (for Apple), a PDF file is harder to modify and offers less opportunities for edition
Based on these factors, it has been easier for hackers to hide their malware in other types of files than in PDFs.
But that doesn’t mean (at all) that the PDF you just received is necessarily safe !
Can a PDF contain malware?
A PDF can be used as an attack vector for hackers. In order to do this, some techniques are available to them.
Scripts
PDFs can have scripts in order to provide for a minimum of user interaction and edition (like for example filling in fields or signing a document or to enable interaction with buttons like “print”).
These scripts can be edited in a normal fashion (via tools like Adobe Acrobat Pro) and can then be executed by the PDF readers. But hackers can also inject their own commands in these PDF files.
- Javascript: This is probably the main threat for a PDF file: this format allows the insertion of javascript, to allow the reader to interact with the document fo example. Hackers can therefore insert their own malicious javascript code that exploits specific vulnerabilities to compromise an endpoint
- System commands: It’s possible to insert system commands in a PDF file that will run on opening. These can be conditioned to validation by the reader (similar to the activating macros validation in an Excel, PowerPoint or Word file) but it’s possible to edit the message in order to increase the odds that the reader will activate the commands. These transform the PDF into a de facto executable file.
- Insert malware: It’s also possible to insert malware in a PDF. This can be achieved (for example) with the Metasploit module exploit/windows/fileformat/adobe_pdf_embedded_exe (Metasploit is an open source library of exploits and malware ready to use for pen-testing teams) that exploits vulnerabilities linked to certain PDF readers (Adobe Reader for example) to open a backdoor to the target endpoint on opening
Multimedia content
A PDF with multimedia content can present a risk: videos or audio files can be corrupted and used to mask malicious code.
Objects like Word or Excel files that are integrated within a PDF can also contain malware. For example, opening a PDF can lead to a Word file being opened and the deployment of malware (like a loader) if macros are activated
Social engineering and links
Finally, there is an even simpler technique to turn a PDF into an intermediary in the compromission of an endpoint: social engineering.
The hackers’ goal here is to convince the user to click on the links that are in the PDF file. This can be achieved by leveraging certain psychological tricks (curiosity, fear, authority, personal gain…).
The links can redirect the users towards malicious sites that will harvest their credentials (fake login page) or trick them into downloading malware (drive-by-download)…
What security steps can be taken to protect the use of PDFs in a company?
Nothing can completely secure a company from attacks using a certain type of file (especially when the format is used multiple times on a daily basis) but some measures can be taken to mitigate this risk.
- Install updates: This is evident but it’s important to install operating system, PDF reader and browser updates in order to protect from known and patched vulnerabilities
- Deactivate javascript in the PDF reader: This function is available in Acrobat Reader and protects from the execution of malicious Javascript code
- Use protection mode: For Acrobat Reader users, activate the protection mode and prevent the opening of non-PDF files with external applications by the PDF reader
- Teach, train and help: your teams to detect phishing and spear-phishing attacks that will use a PDF vile as an attack vector, in order to ensure that your teams have the right reflexes when faced with these attacks
Oops! Something went wrong while submitting the form.
More reads
Overview of phishing attacks
Overview of phishing attacks
Overview of phishing attacks
Phishing, spear-phishing, smishing, vishing, whaling... a quick guide
A bit lost navigating all the different kinds of phishing cyberattacks? Here's a quick guide to give you an overview of each: phishing, spear-phishing, whaling, smishing, vishing.
Mantra Team
Business Email Compromise (BEC) Definition & Tips
Business Email Compromise (BEC) Definition & Tips
Business Email Compromise (BEC) Definition & Tips
What is Business Email Compromise (BEC) and how to avoid falling for it?
What is a Businesss Email Compromise cyberattack? How do hackers run these types of attacks and how can you protect your company from them?
Mantra Team
Anti-spam protections can be bypassed by hackers
Anti-spam protections can be bypassed by hackers
Anti-spam protections can be bypassed by hackers
How hackers bypass anti-spam to deliver phishing emails
Anti-spams are great! But hackers have elvoved to counter them and developed techniques to bypass them and successfully execute phishing campaigns.
Mantra Team