Can PDF files be dangerous?

Updated at: Oct 01, 2019
By Gatefy

PDF can be dangerous

Yes, PDFs can be harmful. History has already shown us that the combination of an email and a malicious PDF attachment can be quite devastating, with losses reaching millions of dollars. That's why it's important for organizations to think about email protection.

One thing is right, it's hard to imagine the world without PDF files. For businesses, in particular, they have several purposes.They’re important for consolidation and submission of proposals, agreements, invitations, and product information.

PDF is widely used because it’s flexible. It can contain text, image and codes at the same time. Many people don’t know but it’s even possible to play games in PDF files, such as tic-tac-toe, for example.

The problem is that this flexibility has a dark side, which is exploited by hackers. So, opening a PDF file can endanger important information from your organization and even open a backdoor so criminals can access your devices. 

How criminals use PDFs

There are different ways to manipulate PDF files. In general, the most common techniques used by criminals involve:

JavaScript: Many PDFs contain JavaScript code, which could end up running malicious files.

URLs: In order to prevent anti-virus and other engines from detecting threats in email content, criminals embed malicious links into PDFs.

Embedded files: some PDF readers use a blacklist to block file types based on extension, such as .rar, .zip, .exe and .vbs. But there are many types of other files that can be embedded and exploited by criminals, such as Word documents and QuickTime and Flash media files.

Encrypted PDFs: It´s possible to embed an encrypted and malicious PDF file inside another PDF. The technique is mainly used to deceive detection engines.

Solutions

To prevent attacks and threats, you should disable JavaScript in your PDF reader, disable the display of PDFs in your browser, and not open PDFs from people you don’t know. Besides that, as most attacks happen by email, it’s important to research and understand email protection solutions.