Hackers are now hiding malicious Word documents in PDFs — how to stay safe
MalDoc in PDF attacks use a combination of Word and PDF files to spread malware
Hackers have begun hiding malicious documents in PDF files as a means to spread malware while avoiding detection by security software.
As reported by BleepingComputer, Japan’s computer emergency response team (JPCERT) discovered a new attack method called “MalDoc in PDF” back in July of this year.
MalDoc in PDF attacks work by using polyglots, which are files that contain two distinct file formats. In this case, the hackers behind this campaign are using Microsoft Word and PDF files. A polyglot can be interpreted and executed as more than one file type, depending on the application that opens it.
This isn’t the first time that hackers have leveraged polyglots in their attacks. These types of files are typically used to evade detection as they appear legitimate in one format while the other format contains malware.
Using macros to install malware
Although JPCERT hasn’t shared any details on the particular malware strain being used in this campaign, it did offer further details on how MalDoc in PDF attacks work.
The PDF files containing malicious Word documents also include a VBS macro which is used to download and install an MSI malware file on vulnerable computers when they’re opened in Microsoft Office.
Like other attacks that use Word files, this one relies on macros being enabled on a victim’s PC. Fortunately, if they’re turned off, MalDoc in PDF is unable to bypass a computer’s security settings to install malware.
According to JPCERT's blog post on the matter, the techniques used in these new MalDoc in PDF attacks are novel because they can allow the malicious documents included in these PDFs to evade PDF analysis tools like “pdfid”. In order to make these kinds of attacks easier for security firms and researchers to spot, the cybersecurity agency has created a new YARA rule.
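As an added illustration of how a defender can triage such a polyglot (this is not JPCERT's YARA rule and is not taken from the original article), the Python sketch below flags files that carry a PDF header but also contain Word container markers. The marker choices, function names and both sample byte strings are assumptions constructed for this example.

```python
# Heuristic triage for PDF/Word polyglots (added example, not JPCERT's rule).
# Idea: a file that identifies as a PDF should not also carry Word container markers.

PDF_MAGIC = b"%PDF-"
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc compound file header
ZIP_MAGIC = b"PK\x03\x04"                       # OOXML (.docx/.docm) is a ZIP archive
MHT_HEADERS = (b"mime-version:", b"content-location:", b"content-type:")


def word_indicators(data: bytes) -> list:
    """Return Word-related markers found in a file that also looks like a PDF."""
    # PDF readers accept the header anywhere in the first 1024 bytes.
    if PDF_MAGIC not in data[:1024]:
        return []
    lowered = data.lower()
    found = []
    if OLE2_MAGIC in data:
        found.append("ole2-container")
    # Word can save documents as MHTML; such files carry MIME headers
    # plus a <w:WordDocument> element.
    if any(h in lowered for h in MHT_HEADERS) and b"<w:worddocument>" in lowered:
        found.append("mhtml-word")
    if ZIP_MAGIC in data and b"word/document.xml" in lowered:
        found.append("ooxml-word")
    return found


def is_pdf_word_polyglot(data: bytes) -> bool:
    return bool(word_indicators(data))


# Constructed samples: harmless byte strings, not real documents.
SAMPLE_CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
SAMPLE_POLYGLOT = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"MIME-Version: 1.0\nContent-Type: multipart/related\n\n"
    b"<xml><w:WordDocument></w:WordDocument></xml>\n"
)

if __name__ == "__main__":
    for name, blob in (("clean", SAMPLE_CLEAN), ("polyglot", SAMPLE_POLYGLOT)):
        print(name, word_indicators(blob))
```

A hit is a reason to quarantine the file and inspect it with Office-aware tooling, not proof of malware: these are raw byte matches and can occasionally fire on legitimate PDFs.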
Still though, an attack like this can be particularly confusing as most people would likely never imagine that a document could actually contain two different file types.
How to stay safe from malicious documents
Hackers have many different tools in their arsenal, but malicious documents remain one of the most popular after malicious apps. For this reason, you need to be extremely careful when opening any file that hits your inbox or that you’ve downloaded online.
While downloading files from your friends, family and coworkers is normally okay, you still need to be on the lookout for any red flags that might indicate the email didn’t originate from someone you know. These include spelling and grammatical errors, as well as language that seeks to instill a sense of urgency in order to get you to respond or to open a file.
At the same time, you should be using the best antivirus software on your PC, the best Mac antivirus software on your Mac and one of the best Android antivirus apps on your Android smartphone. This way, even if you do download a malicious document or other dangerous file, it will be flagged by your antivirus so that you know it’s dangerous.
Now that JPCERT has shined a light on MalDoc in PDF attacks, hackers may try to do something similar using a different file type. However, as long as you’re careful online and avoid downloading attachments or files from shady websites, you’ll be less likely to fall for their tricks.
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.
