“Outsmarting the Cyber Boogie-Man: Understanding the Novel ‘MalDoc in PDF’ Antivirus Evasion Method”

“Outsmarting the Cyber Boogie-Man: Understanding the Novel ‘MalDoc in PDF’ Antivirus Evasion Method”

Malware Sneaks In Via Stacked PDFs: Embedding Word Docs Hacks New Path

MalDoc in PDF Technique

The cybersecurity world never sleeps, and the boogie-man that goes bump in the byte is stirring once again. Researchers have spotlighted a novel antivirus evasion method that involves posing malicious Microsoft Word files as harmless PDF files. That’s right, it’s like a Trojan Horse, except it’s a malicious document hiding inside a PDF. Who knew that PDFs were more than just a pain to edit?

Unfolding the MalDoc in PDF Attack

Dubbed ‘MalDoc in PDF’ by the fine folks at JPCERT/CC, this undercover operation was spotted in action in a real-world attack in July 2023. The trick involved in this method is pretty crafty, folks. A file created with ‘MalDoc in PDF’ reveals its wicked smile in MS Word, even though it dresses up in the costume of a PDF. Do remember not to judge a file by its extension!

JPCERT/CC’s Insight:

The masters at JPCERT/CC shared that a file dressed as a PDF can code-switch to MS Word. What this means in non-tech terms: it looks innocent, promises you a soothing read, then suddenly pops up in Word, showing its true colour…uh, code! Seriously, folks, this is no friendly magic trick, this is what we call an illusionist’s nightmare!


In the cyber-realm of smoke and mirrors, a new threat has emerged: ‘MalDoc in PDF’. This antivirus evasion method involves embedding a malicious Word file into a PDF. Researchers noted this sneaky tactic, being used in a real-world attack in July 2023, that involves a file created with ‘MalDoc in PDF’ retaining the ability to open in MS Word, despite bearing the superficial appearance of a PDF. Plot twist: just like a computer science major at a party, it’s not what it appears to be at first glance.

Original Article: https://thehackernews.com/2023/09/beware-of-maldoc-in-pdf-new-polyglot.html

Leave a Reply

Your email address will not be published. Required fields are marked *


Your Cart Is Empty

No products in the cart.