Malicious PDFs | Revealing the Techniques Behind the Attacks

April 4, 2019
PDF attacks

Email users are mindful on how attackers used phishing and spear-phishing campaigns and how this medium is being the source of these attacks as with most email attachments or links, PDF files have gotten a lot of attention from threat actors.


Code Execution


Our familiarity with the possibility of malicious Office attachments that run VBA code from Macros or use DDE to carry attacks, yet not all that outstanding is the way PDFs can execute code.


In some kinds of malicious PDF attacks, the PDF reader itself contains a vulnerability or flaw that enables a file to run a malicious command. Keep in mind that PDF readers aren’t simple applications like Adobe Reader and Adobe Acrobat. Most browsers contain a built in PDF app that can also be targeted. In other cases, attackers may use AcroForms or XFA Forms, scripting technologies used in PDF creation that were expected to include useful, interactive features to a standard PDF document.


PDF Attacks Protection


It’s difficult to tell whether a PDF record contains a credential stealing-callback or malicious JavaScript before opening it. Obviously, for most users and most use cases, that’s not a practical solution


There are, however, two or three things you can do on the user-side. Most readers and browsers will have some type of JavaScript control. In Adobe’s Acrobat Reader DC, for instance, you can impair Acrobat JavaScript in the Preferences and oversee access to URLs. Likewise, with a bit of effort, users can likewise modify how Windows handles NTLM.


For enterprise situations, you should ensure you have a decent EDR security solution that can offer both full visibility into your network traffic, including encrypted communications, and which can offer comprehensive Firewall control. Obviously, nowadays, behavioral AI detection is a must-have to properly protect your network and assets from all attacks, including malicious PDF.




Utilizing malicious PDFs is an incredible strategy for threat actors as there’s no way for the user to be aware of what code the PDF runs as it opens. Both the file format and file readers have a tendency of getting exposed and, later, getting patched. Because of the useful, dynamic features incorporated into the document format, it makes sense to anticipate that further flaws will be exposed and exploited by adversaries. With the ever-increasing tide of phishing and social engineering tactics targeting users, it’s essential that you stay vigilant about the risks of PDFs and enact an anti-Phishing solution which is also evolving that could be future proof to prevent attacks.

About the author

Leave a Reply