Can PDFs have viruses and infect devices?

Anton P. | September 08, 2022

Can PDFs have viruses? Yes, they can if attackers taint such documents with malicious code. Despite their benign appearance, PDFs can be a part of highly dangerous malware campaigns. Perpetrators can contaminate PDF docs with trojans, keyloggers, credential stealers, spyware, etc.

Thus, it is best to take caution and scan the file you got from the internet. Note that some malware-ridden PDFs can manifest stealthier behavior that circumvents detection by antivirus tools. So, more actions are necessary to protect devices from malicious PDFs.

Are PDF files common in malicious campaigns?

When it comes to conveniently exchanging electronic documents, PDF files are hard to beat. They represent one of the most common file formats used in nearly all industries. However, the popularity of PDF files makes them easily recognizable to nearly anyone going online.

According to TrendMicro statistics, PDFs are the third most common file formats found as malicious email attachments.

The familiarity and a sense of safety do the trick of convincing phishing targets to download and open PDFs. Researchers have reported many malware examples exploiting PDFs:

A Java-based RAT named StrRAT used PDF files in its malware campaign to infect users. The malware was after password and bank information victims saved on their devices.
A keylogger called Snake spread via malicious emails containing PDF attachments that embedded Word documents.
Lazarus email campaigns targeted users with macOS malware in dangerous PDF files disguised as crypto-based job offers.

How can PDFs have viruses?

Hackers can manipulate PDF documents to taint devices with various infections. Additionally, it can be the preferred file format for phishing campaigns when Word or Excel files seem less natural. For instance, PDFs are much more common for invoices or documents featuring payment information.

Also, PDFs are powerful as they can interact with remote sites, feature embedded files, or launch local applications. Furthermore, PDFs can have clickable URLs and JavaScript. The latter code additions can customize PDF files. However, it opens doors for structures triggering malicious behavior.

In the case of StrRAT, the downloaded PDF would contact a malicious domain and then download malware or variants like scareware. The Snake infection showcased different behavior: file embedding. If targets downloaded the tainted Snake PDF and opened it, they were prompted to open .docx documents.

What damage can PDF viruses do?

The consequences of downloading and opening a PDF file depend on the type of infection it spreads. Generally, opening a malicious PDF file can initiate any kind of behavior set up by hackers.

However, the most common ones include stealing information like credentials or financial details. It also allows hackers to spread additional malware by creating backdoors. So, an infected PDF file can cause many issues, from data theft to ransomware.

Malware hidden within ebooks

There are legitimate options for downloading free PDFs from internet libraries. Of course, some users might stumble upon downloads that are neither legal nor safe.

Pirated ebooks are common bait hackers use to lure book lovers into their traps. While legitimate distributors might initiate scans or checkups of uploaded content, guaranteeing foolproof safety is impossible.

Before downloading classic novels or going for more contemporary fiction, see whether your download does not violate copyright laws. Then, remember that criminals could taint ebook PDFs with malware and scripts, severely compromising devices.

How to defend against PDFs that have viruses

PDF files are just as dangerous as executables. So, protect your devices from malicious documents by following these recommendations.

Do not download unknown PDF files

Due to the dynamic features of PDF format, you can never know what activities such files can initiate. So, make it a rule never to download unknown PDF files. For instance, random emails with PDF attachments could originate from malicious senders.

However, fully avoiding PDFs is not a realistic option. Thanks to its universal capabilities, you will likely encounter them on various occasions. Therefore, you need to learn how to verify PDF file safety.

Update your software

Vulnerabilities in PDF readers and other software can facilitate the arrival of malware. Therefore, keeping all programs running their latest versions reduces the chances of getting infected.

Disable JavaScript in PDF documents

Turning off JavaScript in PDF readers is appropriate for dealing with code execution attacks. So, if you download a PDF designed to run malicious scripts, this code should not be able to run. Of course, it might not be a long-term solution, as JavaScript might be necessary for trusted PDFs.

Use a trustworthy PDF reader

Many PDF readers exist, but be sure to use one that comes from trusted sources. Additionally, it should receive frequent updates to combat vulnerabilities.

PDF viruses could exploit software flaws to run malware, create backdoors, or steal data. A well-managed and updated application is much more resistant to such exploits.

Scan the file for malware

You can separate malicious PDFs from harmless files by scanning them with antivirus programs. For this, you will likely need to download a file.

However, even infected PDF documents are unlikely to cause issues until you open them. Therefore, you can get a suspected PDF and use your antivirus software to see its safety status.

However, file-scanning software does not always work as users would expect. Since it is possible to conceal PDF file components, scanners might miss certain red flags of malicious behavior. So, if you encounter a suspicious PDF file or Office document, it is better not to download it at all.