Beware of Polyglot Malware Hiding in PDFs

Polyglot Malware - JungleIT Leeds

A dangerous new form of malware was recently discovered that bypasses detection by embedding malicious Word files into PDFs.
This "polyglot" malware exploits the PDF format in a novel way to avoid detection by security software.

What is Polyglot Malware?

Polyglot malware packages executable code together with a PDF document. The code is hidden within PDF objects that normally contain benign assets like fonts or images. When the PDF is opened, the malware extracts and executes the embedded code while also displaying the PDF’s contents.

How Polyglot Malware Works

The hackers behind this malware found a creative way to leverage PDF features for concealing exploits. PDFs can contain multiple versions of embedded resources, allowing files to work properly on different platforms. The malware embeds its malicious payload within an alternate version of a resource that won’t be loaded on most PDF readers. However, the malware includes code to extract and execute this hidden resource.
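A defender can triage for this pattern with a static scan: a genuine PDF should not carry the magic bytes of an Office container, and auto-run or embedded-file keys deserve a closer look. The script below is an added example (not JungleIT's or any vendor's tool); the two PDF byte strings are constructed, harmless samples, and the key list and signatures are a heuristic, not a complete detection.

```python
import re

# Constructed sample inputs (not real malware): a minimal plain PDF, and a
# PDF that embeds an OLE2 (legacy Word) container and opens it automatically.
PLAIN_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
             b"2 0 obj\n<< /Type /Pages /Count 0 >>\nendobj\n%%EOF\n")
POLYGLOT_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R "
                b"/Names << /EmbeddedFiles 4 0 R >> >>\nendobj\n"
                b"3 0 obj\n<< /S /JavaScript /JS (this.exportDataObject({cName:'a.doc'})) >>\nendobj\n"
                b"5 0 obj\n<< /Type /EmbeddedFile /Length 16 >>\nstream\n"
                b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8 +
                b"\nendstream\nendobj\n%%EOF\n")

# Magic bytes of container formats that a plain PDF has no reason to carry.
FOREIGN_MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 container (legacy .doc/.xls)",
    b"PK\x03\x04": "ZIP container (OOXML .docx/.xlsm or archive)",
}
# PDF name tokens that give embedded content a path to execution or to the user.
RISKY_KEYS = [b"/EmbeddedFile", b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch"]


def scan_pdf(data: bytes) -> dict:
    """Return {'suspicious': bool, 'findings': [...]} for a PDF given as bytes."""
    findings = []
    if b"%PDF-" not in data[:1024]:
        findings.append("no %PDF- header in the first 1 KiB")
    for key in RISKY_KEYS:
        # Match the whole name token, so /JS does not also fire on /JSX etc.
        if re.search(re.escape(key) + rb"(?![A-Za-z])", data):
            findings.append("risky key " + key.decode())
    for magic, label in FOREIGN_MAGIC.items():
        offset = data.find(magic)
        if offset != -1:
            findings.append(f"{label} signature at offset {offset}")
    return {"suspicious": bool(findings), "findings": findings}


if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_PDF), ("polyglot", POLYGLOT_PDF)):
        print(name, scan_pdf(sample))
```

Object streams compressed with /FlateDecode hide these tokens and signatures from a raw byte scan, so inflate the streams with a PDF parsing library first and apply the same checks to the decoded content.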

Cyber Security Risks of Polyglot Malware

Polyglot malware represents a dangerous new method for delivering cyber security exploits. Since the malicious code is nested within legitimate PDF content, it can evade antivirus software looking for suspicious files. The malware also avoids detection while being transmitted, since it is contained within an inconspicuous PDF.

Once executed, the malware has full access to the victim’s system. It could install additional payloads, extract sensitive data, or hold files for ransom. The novel malicious techniques used by polyglot malware also increase the risk of the exploit spreading widely before cyber security tools catch up.

How to Mitigate this Cyber Security Risk

There are a few key steps you can take to reduce the cyber risk from this new cyber threat:

  • Exercise caution when opening PDFs from untrusted sources. Try to verify the legitimacy of unfamiliar PDFs before opening them.
  • Keep your operating systems, software, and antivirus tools up to date. Security vendors will rapidly deploy detections for this exploit as it spreads.
  • Consider using a PDF reader that restricts or isolates access to embedded content. Some enterprise PDF tools have more robust cyber security options.
  • Be wary of enabling macros or active content in documents from unverified sources. This remains a common vector for malware.

Reduce Your Cyber Security Risk

The discovery of novel exploits like polyglot malware highlights that cyber attacks continue to evolve. However, with proper cyber security awareness and a cyber security arc, you can greatly reduce your risk. Get in touch to find out more about the steps we can take to help you improve your cyber security and reduce the risk of falling victim to cyber threats.

For more information about Cyber Security awareness, please visit JungleIT.
