Do not open a PDF from your email without reading this first

Malware can get onto a system in many ways without the user noticing. One of the most common is email with attached files. Attackers keep refining their techniques to bypass antivirus software or to trick the victim. In this article we look at how they use PDF files sent by email to deliver malware and exploit vulnerabilities, and we explain how to avoid these attacks.

PDF attachments used to deliver malware

Attackers typically use Word files to deliver malware. The file is usually made to look like an invoice or another important document that the victim must open. Because this approach is so common, both antivirus products and users have learned to be wary of this type of file.

Now they have found a new strategy: sending a PDF file by email with a Word document containing malicious macros hidden inside it. HP Wolf Security describes the technique in a new report. The attackers use this method to get the victim to fall into the trap so that they can steal all kinds of information.

According to the report, the strategy consists of sending a PDF that pretends to be an invoice. The message usually refers to a payment and claims that the victim is due to receive money. Once the file is opened, Adobe Reader asks whether to open a Word document contained inside it, and that is where the problem begins. That request is already unusual and should alert the victim at this point.

The attackers have crafted a message indicating that the file has been verified, intended to build trust so that the victim falls into the trap. If the victim opens that file and macros are enabled, the macros download an RTF file, which launches a command that tries to exploit an old Windows vulnerability. Specifically, it exploits CVE-2017-11882. This allows the attackers to steal data and passwords and to collect all kinds of information.

What to do to avoid this problem

The most important thing is to use common sense and be careful whenever you receive a PDF file (or any other file) by email. We have seen how this strategy uses a PDF to smuggle in a Word file and execute the malicious payload. But for the attacker to succeed, we have to download and open that file, so if we don't, nothing will happen. You should always check whether a PDF is safe before opening it.

Another very important measure is to keep the system properly updated. That way, even if we click by mistake and download a document of this type, the known vulnerabilities will already be patched and the risk of a successful attack is lower. It is essential to have the latest version of Windows or of any other operating system.

A good antivirus is also important. These security programs scan the files that we receive and download from email, which gives us another security barrier that can help prevent a wide variety of attacks.
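As an added example (not taken from the HP Wolf Security report or from this article's source), the Python sketch below triages a PDF attachment for the pattern described above, a PDF that carries an embedded Office document, before anyone opens it. The sample bytes, the function names and the extension list are constructed for illustration; names stored inside compressed object streams are not visible to a raw scan like this one.

```python
import re

# PDF name tokens relevant to the lure described above: an attachment stored
# inside the PDF, plus actions that can run when the document is opened.
SUSPICIOUS_NAMES = ("EmbeddedFile", "Filespec", "OpenAction", "Launch", "JavaScript")
OFFICE_EXTENSIONS = (".doc", ".docx", ".docm", ".rtf", ".xls", ".xlsm")

# Constructed sample: a minimal PDF skeleton with one embedded .docx entry.
SAMPLE = (b"%PDF-1.7\n"
          b"1 0 obj << /Type /Catalog /Names << /EmbeddedFiles 2 0 R >>"
          b" /OpenAction 5 0 R >> endobj\n"
          b"3 0 obj << /Type /Filespec /F (invoice.docx) /EF << /F 4 0 R >> >> endobj\n"
          b"4 0 obj << /Type /Embedded#46ile /Length 0 >> stream\nendstream endobj\n"
          b"%%EOF\n")

def decode_pdf_names(data: bytes) -> bytes:
    """Undo #xx hex escapes, which PDF permits inside names (/Embedded#46ile)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def triage_pdf(data: bytes) -> dict:
    """Count suspicious name tokens and list Office-like attachment names."""
    decoded = decode_pdf_names(data)
    counts = {}
    for name in SUSPICIOUS_NAMES:
        # Require a non-alphanumeric after the name so /Launch != /LaunchPad.
        pattern = rb"/" + name.encode() + rb"(?![A-Za-z0-9])"
        counts[name] = len(re.findall(pattern, decoded))
    # A file specification gives the attachment name in /F or /UF as a string.
    filenames = [m.decode("latin-1")
                 for m in re.findall(rb"/U?F\s*\(([^)]*)\)", decoded)]
    office = [f for f in filenames if f.lower().endswith(OFFICE_EXTENSIONS)]
    return {"counts": counts, "office_attachments": office,
            "flag": bool(office) or counts["EmbeddedFile"] > 0}

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A flagged file is a reason to quarantine the attachment and inspect it in a sandbox, not proof that it is malicious.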

In short, as you have seen, attackers use PDF files to hide malicious Word documents and so reach the victim's computer. It is important to avoid mistakes and to stay protected at all times. Many types of attack need nothing more than for us to download a file in order to run.
