April 11, 2019

Downloading files from the Internet has always been a risky business – and PDF files are no exception. EdgeSpot, an exploit detection service, has identified a new range of malicious PDF files in the wild – all containing a specific type of zero-day malware designed to harvest user data behind the scenes when the files are opened in Chrome.

What’s at stake 

Imagine you’ve opened a PDF file in your browser. The document looks exactly as you imagined it – and there’s no sign that anything is out of the ordinary. Yet, your personal data is already on the way to some remote location and there’s nothing you can do about it. This particular malware collects many types of information – including IP addresses, Chrome browser versions, PDF file paths, and operating system details – and sends them in an HTTP POST request to a remote server.


If that doesn’t sound worrying already – EdgeSpot said that almost every antivirus failed to detect the malware and even marked the files as “clean”!  


No fix at the moment 

It’s April 2019, and Chrome only plans to release a fix at the end of the month – despite first reports of the malware appearing in December 2018. Instead, Google suggests that Chrome users be extra careful with PDF documents, only opening trusted files, or using other PDF viewers instead of Chrome’s built-in one. While awareness of the exploit is one step forward – it’s nowhere near enough to guarantee protection.


Zero-day malware like this often evades traditional antivirus detection – so that’s no surprise. The question is – what can be done to ensure protection when opening PDF files in Chrome? And in general, how can we ensure file-based exploits like this don’t compromise our systems? This matters especially in an organization where PDF files, and other files, are commonly shared around – and where it would be easy for an infected one to find its way in. All it takes is for one user to open a malicious file by mistake, and the cascade of events that follows can be catastrophic. Many organizations hold private data that would cause great losses (financial and otherwise) if it fell into the wrong hands – so preventing malware infections is vital.


When antivirus doesn’t cut it

An effective approach is to use a file-sanitization solution like Votiro File Disarmer – which stops malicious files from getting to an organizational network in the first place. Using patented CDR technology, File Disarmer disassembles incoming files, neutralizes threats (including zero-day malware), and reassembles the files – clean and safe to use. So, when a user opens a PDF file, they can be sure it’s free from any type of file-based security threat. The entire process takes under a second, and files retain full functionality. Users can carry on work as normal, without presenting a security risk to the organization, downloading and using files as needed. 


This PDF exploit is unlikely to be the last of its kind – with new types of zero-day malware cropping up all the time.


Take a no-nonsense approach to protection from file-based threats with Votiro File Disarmer – contact us today to find out more. 
