Open Forum

A new hacking technique has been discovered that allows hackers to hide malware within PDF files, which are usually safe and easy to open on any device. The technique, called MalDoc in PDF, involves embedding a malicious Word document within a PDF file. The Word document contains code that can run on your computer and infect it with malware. The combined PDF document embeds a Word document with a VBS macro designed to download and install a malware file if opened as a .doc file in Microsoft Office.

Hackers then attempt to deceive their victim into opening a PDF file in Word by using social engineering techniques. The email may appear to be from a legitimate source, like a bank, a delivery service, or a government agency, to trick you. The email could request you to open the PDF file in Word to view important information or verify your identity.

If you open the PDF file in Word, you will see a warning message that says macros are disabled. Macros are disabled by default to prevent malicious code from running on your computer. However, the hackers may try to convince you to enable macros by claiming that viewing the document properly or accessing certain features is necessary. This can have serious consequences, including the theft of your data or giving remote access to hackers.

How can you protect yourself from this attack? 

• Do not open PDF files in Word. Use a dedicated PDF reader application instead
• Do not enable macros in attachments received from the Internet. Microsoft blocks many macro-enabled file types as email attachments 
• Do not click on links or open attachments from unknown or suspicious senders. Verify the sender's identity and the purpose of the email before opening anything
• Use antivirus software and keep it updated. Antivirus software can detect and block malware and warn you of potential threats

MalDoc in PDF is not the only hacking technique that uses PDF files. Hackers can also use QR codes - a square-shaped barcode that can store information, such as URLs. Hackers can embed QR codes in PDF files and trick you into scanning them with your phone. The QR codes can lead you to phishing websites that steal your personal or financial information.

#ALTACyber

------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------

Thanks for the heads up.  In your post you suggest using a dedicated PDF reader application.  Would a browser extension work for this application or do you suggest reverting back to the adobe reader?

------------------------------
Jerry Black
Operations Manager
Agency Title, Inc.
Louisville KY
+1 (502) 339-1145
------------------------------

Original Message:
Sent: 09-22-2023 09:06
From: Genady Vishnevetsky
Subject: Security BUZZ - new MalDoc in PDF technique

A new hacking technique has been discovered that allows hackers to hide malware within PDF files, which are usually safe and easy to open on any device. The technique, called MalDoc in PDF, involves embedding a malicious Word document within a PDF file. The Word document contains code that can run on your computer and infect it with malware. The combined PDF document embeds a Word document with a VBS macro designed to download and install a malware file if opened as a .doc file in Microsoft Office.

Hackers then attempt to deceive their victim into opening a PDF file in Word by using social engineering techniques. The email may appear to be from a legitimate source, like a bank, a delivery service, or a government agency, to trick you. The email could request you to open the PDF file in Word to view important information or verify your identity.

If you open the PDF file in Word, you will see a warning message that says macros are disabled. Macros are disabled by default to prevent malicious code from running on your computer. However, the hackers may try to convince you to enable macros by claiming that viewing the document properly or accessing certain features is necessary. This can have serious consequences, including the theft of your data or giving remote access to hackers.

How can you protect yourself from this attack? 

• Do not open PDF files in Word. Use a dedicated PDF reader application instead
• Do not enable macros in attachments received from the Internet. Microsoft blocks many macro-enabled file types as email attachments 
• Do not click on links or open attachments from unknown or suspicious senders. Verify the sender's identity and the purpose of the email before opening anything
• Use antivirus software and keep it updated. Antivirus software can detect and block malware and warn you of potential threats

MalDoc in PDF is not the only hacking technique that uses PDF files. Hackers can also use QR codes - a square-shaped barcode that can store information, such as URLs. Hackers can embed QR codes in PDF files and trick you into scanning them with your phone. The QR codes can lead you to phishing websites that steal your personal or financial information.

#ALTACyber

------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------