A Japanese agency managed to detect a ‘MalDoc in PDF’ attack, involving PDFs with embedded malicious Word files that bypass detection by traditional PDF analysis tools.
On August 28th, Japan's computer emergency response team (JPCERT) released a blog post defining the technique that attackers are using to bypass detection and spread malicious PDFs.
JPCERT called the technique “MalDoc in PDF.” The malicious file has magic numbers and the file structure of a PDF – however it can be also opened using Microsoft Office. When opened as a .doc file in Microsoft Word, it performs malicious behaviors.
Since the file has a PDF file’s structure and is recognized as one, it can confuse PDF analysis tools, sandboxes, and antivirus sofware and it cannot detect the file’s malicious parts embedded in the Word format.
JPCERT explains that the MalDoc file is created by adding an mht file and macro to a "PDF" file object. According to the agency, an analysis tool for malicious Word files could be an effective countermeasure to this malicious attack technique, as it can indicate embedded macros in the file.
More from Cybernews
What does the latest friend.tech hype say about crypto friends?
AI Achilles heel: why we shouldn’t bow to our computer “overlords” just yet
Users report being banned on Telegram despite never using it
Customer data compromised in Kroll cyberattack
Century-old technology hack brought 20 trains to a halt in Poland
Subscribe to our newsletter
Your email address will not be published. Required fields are marked