Don't open that PDF email attachment - it could well be malware

Forms of malware utilising infected PDF files have seen an incredible surge over the past few years as criminals look for more devious ways to target victims, new research has claimed.

Figures from Unit 42, the security research arm of Palo Alto Networks, show that it detected a 1,160% increase in malicious PDF files between 2019 and 2020.

These files reached a high of 5,224,056 last year as criminals searched for methods to target employees working from home during the pandemic, where they often face less security scrutiny than they would if they were in an office.

Phishing attacks

Unit 42 noted that PDF files are also an enticing phishing vector as they are cross-platform and allow attackers to engage with users, making their schemes more believable as opposed to a text-based email with just a plain link.

The company identified five top schemes used by criminals to carry out phishing attacks last year: Fake Captcha, Coupon, Play Button, File Sharing and E-commerce.

Fake Captcha attacks were by far the most common, making up over a third (38.67%) of all attacks detected. Rather than presenting a real Captcha, the phishing scam detected by Unit 42 just used an embedded image of a Captcha test, meaning that when the user attempts to verify themselves by clicking on the "continue" button, they are taken to a malicious website.

Coupon-themed attacks looked to lure in victims by offering promotions or money off, but again took the victim to a hacker-controlled website. Play Button attacks followed the Captcha technique, substituting a static image for a video which, when clicked on, redirected the victim.

In a similar vein, File Sharing attacks used imagery and logos from services including Dropbox or OneDrive to trick victims into thinking they had reached a legitimate file download website, asking them to click on a link or image to gain access - which again redirected them away.

Lastly, E-commerce attacks created emails and documents claiming to be from top companies such as Amazon or Apple telling the victim that they needed to verify their accounts, and providing links to do so - which when clicked, again redirected the victim to a malicious website.
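All five schemes depend on a clickable element inside the PDF that sends the reader to an external site, so the link targets are what a defender wants to see before anyone opens the attachment. The following Python code is an added example, not from Unit 42 or the original article: it lists the URI action targets in a PDF's raw bytes and flags those whose host falls outside an expected set. The function names, the trusted-domain set and the sample bytes are constructed for illustration, and the scan only sees actions stored in uncompressed objects.

```python
import re
from urllib.parse import urlsplit

# Target of a PDF URI action: /URI followed by a literal string in parentheses.
URI_ACTION = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)")


def extract_uri_actions(pdf_bytes):
    """Return the URL of every /URI action found in uncompressed PDF objects."""
    urls = []
    for match in URI_ACTION.finditer(pdf_bytes):
        # Undo the PDF escapes for parentheses and backslash inside the string.
        raw = re.sub(rb"\\([()\\])", rb"\1", match.group(1))
        urls.append(raw.decode("latin-1"))
    return urls


def host_is_trusted(url, trusted_domains):
    """True only if the host equals a trusted domain or is a subdomain of one."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL: treat as untrusted
        return False
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def untrusted_links(pdf_bytes, trusted_domains):
    """URLs in the PDF that leave the set of domains the sender should use."""
    return [u for u in extract_uri_actions(pdf_bytes)
            if not host_is_trusted(u, trusted_domains)]


# Constructed sample (assumption): two link annotations from a file-sharing lure.
# The first covers the whole page and points at a lookalike host.
SAMPLE = (
    b"%PDF-1.4\n"
    b"5 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 612 792]\n"
    b"   /A << /S /URI /URI (http://dropbox.com.files.example/continue) >> >>\n"
    b"endobj\n"
    b"6 0 obj\n<< /Type /Annot /Subtype /Link /Rect [72 40 200 60]\n"
    b"   /A << /S /URI /URI (https://www.dropbox.com/help) >> >>\n"
    b"endobj\n"
)

if __name__ == "__main__":
    for link in untrusted_links(SAMPLE, {"dropbox.com"}):
        print("untrusted link target:", link)
```

Matching on the full host, rather than checking whether the brand name appears somewhere in the URL, is what catches lookalike hosts such as the first link in the sample.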

"Data from recent years demonstrates that the amount of phishing attacks continues to increase and social engineering is the main vector for attackers to take advantage of users," noted Unit 42 lead researchers Ashkan Hosseini and Ashutosh Chitwadgi.

"Prior research has shown that large-scale phishing can have a click-through rate of up to 8%. Thus, it is important to verify and double check the files you receive unexpectedly, even if they are from an entity that you know and trust. For example, why was your account locked out of nowhere, or why did someone share a file with you when you least expected it?"