
MalDoc PDF Malware Can Bypass Windows Security

Security researchers are warning of a new evasion trick used by cybercriminals: a malicious Word document is embedded in a PDF so that the file is classified and scanned as a PDF while the Word payload, and the macro inside it, is never inspected.

MalDoc discovered in PDFs

The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) reported the technique, which it calls “MalDoc in PDF”. The sample was identified in July 2023 and the analysis was published at the end of August 2023.

The file examined by JPCERT is a polyglot: most tools recognise it as a PDF, but Microsoft Word opens it as an ordinary Word document (.doc).

A polyglot is a single file that is valid in two or more formats, so it is interpreted as one type or the other depending on the application that parses it.

The attackers exploit this by sending files that are at once a PDF and a Word document. A PDF viewer, a scanner that trusts the leading %PDF signature, and Word each see something different in the same bytes.

In this case, the PDF contains a Word document with a VBS macro that, when the file is opened as a .doc in Microsoft Office, downloads and installs an MSI malware file. A virus scanner or sandbox that only parses the PDF layer never examines the embedded Word document, so the macro goes unanalysed and the payload reaches the PC unhindered. The evasion is limited to file-type detection, though: the macro still has to execute, so the usual precaution of keeping macros disabled in Word blocks the payload.
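An added example, not code from JPCERT or from this article, that illustrates the detection gap just described: a small Python check that does not stop at the %PDF- signature but searches the whole file for an Office document hidden in the same bytes. It generalises slightly beyond the case in the text by also checking for OLE2 (classic .doc) and OOXML (.docm) containers; the MHT markers correspond to Word's "Single File Web Page" format, and the ActiveMime (application/x-mso) part is the container Word uses for a VBA project inside an MHT file. The sample below is constructed for the demo: a harmless PDF skeleton with a macro-free MHT Word shell appended.

```python
"""Detect PDF/Word polyglots by looking past the PDF header.

Added example, not JPCERT's or the article's code. All sample bytes are
constructed for the demo and contain no macro or malware.
"""

PDF_MAGIC = b"%PDF-"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # [MS-CFB] compound file header
ZIP_MAGIC = b"PK\x03\x04"                        # local file header of a zip (OOXML)

# MHT framing, matched case-insensitively, plus the namespace tags Word/Excel
# emit when saving as "Single File Web Page".
MHT_MARKERS = (b"mime-version:", b"content-type: multipart/related", b"content-location:")
OFFICE_TAGS = (b"<w:worddocument>", b"<x:excelworkbook>")
# ActiveMime part: where an MHT-saved Word file keeps its VBA project.
ACTIVEMIME = b"application/x-mso"


def first_offset(haystack: bytes, markers) -> int:
    """Smallest offset at which any marker occurs, or -1 if none does."""
    hits = [haystack.find(m) for m in markers if m in haystack]
    return min(hits) if hits else -1


def classify(data: bytes) -> dict:
    """Report which layers are present and where the Office payload starts."""
    low = data.lower()  # bytes.lower() only folds ASCII, so offsets are preserved

    # MHT carrier: MIME framing AND an Office document tag somewhere in the file.
    mht_off = first_offset(low, MHT_MARKERS) if any(t in low for t in OFFICE_TAGS) else -1
    # OLE2 carrier: the compound-file signature anywhere, not just at offset 0.
    ole_off = data.find(OLE_MAGIC)
    # OOXML carrier: a zip local header followed somewhere by a word/ entry name.
    zip_off = data.find(ZIP_MAGIC)
    if zip_off != -1 and b"word/" not in data[zip_off:]:
        zip_off = -1

    candidates = [o for o in (mht_off, ole_off, zip_off) if o != -1]
    report = {
        "pdf_header": data.startswith(PDF_MAGIC),
        "mht": mht_off != -1,
        "ole": ole_off != -1,
        "ooxml": zip_off != -1,
        "activemime": ACTIVEMIME in low,
        "office_offset": min(candidates) if candidates else -1,
    }
    # A file that parses as a PDF yet carries an Office document is the case
    # a PDF-only scanner misses.
    report["polyglot"] = report["pdf_header"] and report["office_offset"] != -1
    return report


# Constructed demo input: a minimal PDF skeleton ...
DEMO_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)
# ... followed by an MHT body declaring a Word document with an (empty) ActiveMime part.
DEMO_MHT = (
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/related; boundary="----=_demo"\n\n'
    b"------=_demo\n"
    b"Content-Location: file:///C:/demo.htm\n"
    b'Content-Type: text/html; charset="us-ascii"\n\n'
    b'<html xmlns:w="urn:schemas-microsoft-com:office:word">'
    b"<head><xml><w:WordDocument><w:View>Print</w:View></w:WordDocument></xml></head>"
    b"<body>demo</body></html>\n"
    b"------=_demo\n"
    b"Content-Location: file:///C:/editdata.mso\n"
    b"Content-Transfer-Encoding: base64\n"
    b"Content-Type: application/x-mso\n\n"
    b"QWN0aXZlTWltZQ==\n"
    b"------=_demo--\n"
)
DEMO_BENIGN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"


def build_demo_polyglot() -> bytes:
    """PDF skeleton with the MHT Word shell appended (constructed, harmless)."""
    return DEMO_PDF + DEMO_MHT


if __name__ == "__main__":
    for name, blob in (("polyglot", build_demo_polyglot()),
                       ("benign pdf", DEMO_BENIGN_PDF),
                       ("plain mht", DEMO_MHT)):
        print(name, classify(blob))
```

A hit is a triage signal, not a verdict: the follow-up is to carve the Office part from the reported offset and hand it to a macro analyser such as oletools' olevba, exactly the step a PDF-only pipeline skips. The same signals (PDF signature at offset 0 plus MHT or Office container markers later in the file) translate directly into a YARA rule for bulk scanning.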

JPCERT has not released details about the attacks or about the malware the MSI file installs. Note that this is not a software vulnerability but a detection-evasion technique, so there is nothing to patch; what matters is whether a scanner looks inside the embedded document, and the sample JPCERT analysed had already been used in an attack.

Embedding one file type inside another is not new; attackers have long used polyglot files to evade detection and ease distribution. The specific combination, a PDF that Word still opens as a macro-carrying document, had not been seen before, JPCERT writes.