We stand with Ukraine to help keep people safe. Join us

Tags Malware Threats Malware

eBook Worms: How to Spot and Avoid PDF Malware

Can a PDF file contain a virus? The answer is definitely yes. Each of us has opened a PDF at least once on our devices. The popularity of this format makes them an irresistible opportunity for cybercriminals to insert malicious code and create a security thread. Luckily, there is a way of preventing falling victim to these threats — Clario's antivirus. Activate real-time protection to be protected 24/7.

Table of contents

The Portable Document Format — or PDF as we know it — is probably one of the most frequently used file formats for sending documents. It can be found everywhere from schools to offices and banks, successfully replacing print-outs — and that's why malicious actors love it, too.  

 

PDF files are not easily editable compared to rich text files like Microsoft Word's DOCX or Apple's PAGES files. Since you cannot just open a PDF and edit it as you please (even if you have special and often pricey software), PDFs are used for contracts, bank statements, and any other important documents that need to be signed and sent.

 

The “fill & sign” abilities of PDFs are where the danger lies. They work inside PDFs with the help of special scripts. Unfortunately, this means that malicious code can be lurking within or alongside such scripts. And a virus hiding within a PDF file can quickly infect your computer, be it a PC or even a Mac.  

 

When you download a book, hard-to-find scientific report, or free PDF template for your small business (especially if such documents come from untrustworthy websites), you might find a nasty surprise inside. Worse still — your PDF might turn out to be nothing but a virus disguised as a PDF file.  

 

Let's see what dangers can hide within PDF files and how to counter them.

How can a PDF file contain a virus?

PDFs can have viruses that come embedded with a code that makes documents signable and (somewhat) editable. The mechanics are very similar to virus-infected Microsoft Word files. While their malware hides inside macros scripts, an infected PDF file will contain malicious JavaScript code.  

Are PDF books safe?

A PDF is not an executable file, so it cannot infect your machine while sitting idle on your hard drive — the malware in a PDF needs to be interpreted and executed through PDF reader software.  

 

This is why a PDF virus cannot infect most older e-readers and modern e-paper and e-ink books. Dedicated e-reader devices run an extremely abridged version of Linux OS or a custom OS under the hood, so are unable to interpret and run malicious scripts.  

 

Unfortunately, Android-based e-readers with regular touchscreens (devices like Amazon's Kindle Fire) are potentially vulnerable. iOS devices should be safe from viruses in PDF files due to app memory sandboxing. However, many viruses are emerging for iOS, too, so it's worth being cautious.  

 

PC and Mac machines are the most vulnerable to threats hidden in ebooks. This is because the software for opening and editing PDF files on desktop and laptop computers can interpret and run the malicious code injected by a hacker.

How can an infected PDF contaminate your computer?

Let's look at how PDF files containing malware infect your computer and where such files usually come from.

 

Malicious scripts in PDFs

PDFs often contain scripts for extended capabilities. For example — in addition to fill and sign functionality — they can display the current date, add print buttons, format data, perform calculations on the input, etc. It's possible to add such scripts with the help of JavaScript using software like Adobe Acrobat Pro. Unfortunately, hackers will likely use more technically intricate ways to add malicious code to PDF files.  

 

PDF files need PDF reading software to open and display their contents. This way, PDF readers become unwilling accomplices of hackers because either the apps themselves or their plugins will be able to run the injected code. Third-party plugins in PDF-reading software can also be a gateway for malicious scripts — if possible, you should disable them.

Native certified plugins in Foxit Reader have JavaScript (JS) enabled. A non-certified plugin below might be a threat and should be disabled.  

Malware disguised as PDFs (PDF phishing)

You have probably heard about email phishing — hackers send you emails pretending to be somebody else and try to make you click links that will either steal your data or infect your computer with a virus. There are two PDF-related variations of phishing:

 

Emails with infected PDFs

An approach very similar to regular phishing. As a rule, such emails are executed better than generic phishing emails and target specific recipients. The content of the email won't have suspicious links. Still, it will contain either PDF files with viruses in the scripts, download links to malware files, or have a trojan virus disguised as a PDF in the attachment (something like document.pdf.exe).  

 

Fake clickbait books

These PDF files pretend to be the books you want to download online. While looking for a specific book or document online, you might come across a free download link.  

 

Initially, it might look like you've struck gold — the author, title, and cover match what you were looking for. Then, there is a proper intro, maybe even a couple of pages the hackers took from an official preview available online.  

 

However, a few pages in, the text ends, and there is a download link that supposedly leads you to a complete copy of this book. Best case — the link will take you to a paid site with pirated content. Worst case — the link will download a virus. So don't risk it, and avoid clicking such links.  

Is it safe to download free PDFs from internet libraries and search engines?  

The initial question that should be asked about online libraries — isn’t downloading free pdf books illegal? It's not illegal to download books that are either free or have entered the public domain due to copyright expiration. However, most books on such websites like PDFdrive are pirated content. Their disclaimers usually warn against downloading any books you have no right to download for free.  

 

PDFdrive is one of the largest collections of free PDF downloads. So is PDFdrive safe? It contains everything from legitimately free books, educational materials, and voluntarily shared files, to pirate content — the danger is that anybody could add ebook files with any malware lurking inside at some point.  

 

While websites like PDFdrive, Library Genesis, or Internet Archive try to keep their sites and content safe — most of that content is stolen, isn't checked for copyright infringements, and can be hijacked and added there by anyone including cybercriminals.  

 

Trojan fake PDF files and malicious scripts can sneak into any PDF that you try to download. IPirate sites do try to provide their readers with quality content to keep them returning to watch or click the ads. However, it's impossible to keep track of billions of books, documents, magazines, etc.

So many versions of Lewis Carrol's "Alice in Wonderland" (public domain book) alone — who knows what threats are hiding within some of them.

Apps that offer free ebook downloads carry all the same dangers as free online libraries. Often, they are nothing but an app-based wrapper or a shortcut to some external online library. What's worse — such installable apps can be gateways to malware for your iPhone, iPad, or Android phone.

A real Google Play Market online library app that obviously went rogue and started distributing malware instead of books.

So, it looks like free online libraries are not just tempting sources of freebies, but decent malware repositories, too. Luckily, there are places where you can download books legally and sometimes even for free.

Where to download ebooks without viruses?

The safest places for buying and downloading ebooks are reputable booksellers like Amazon, Barnes & Noble, the book sections on iTunes or GooglePlay, official online book stores, or direct downloads from the living authors. They also feature public domain books for free so you don’t have to splurge immediately to have something interesting to read.

 

Ultimately, the safest way to obtain and read ebooks is to do it via an official distributor. Especially so when your target device is a dedicated e-paper or e-ink device reader and not a fully-functional smart tablet in disguise (Kindle Fire, we're looking at you). This way, you also won't have to worry about the format of the book you're about to download.

How safe are other ebook formats?

Are ebook formats other than PDF as likely to contain viruses? Well, it's much harder, but still possible to sneak a virus into a MOBI or AZW file for Kindle. An infected EPUB (preferred ebook format for iPhones and iPads) can also be a real thing because EPUB files are essentially special archive files containing HTML, CSS, and JavaScript scripts.  

 

But as said before, malicious code needs interpreters. So digital e-ink/e-paper e-readers are most likely to be safe even with an infected ebook on board. However, if such files are opened on your computer, there might be consequences.  

What rules to follow to avoid getting a bookworm?

As you've learned, even seemingly harmless PDF or EPUB files can infect your computer. So if you really need a book, but it cannot be bought through a reliable online vendor, before you download from some shady website, try to:

  • Look for it at the library. You'd be amazed at the finds at your local library or the library of your local college or university.
  • Find out if you can buy it directly from the author or the current copyright holders.
  • Look for a different format — the book could be available as an audiobook or a video lecture.

If all of this fails and you must get a book from a free online library, there are ways to keep your devices safe.

 

How to avoid getting a virus from a PDF (or another ebook format):

  1. Use a pre-moderated online library requiring registration (like Scribd).
  2. Make sure there are no mistakes in the book title or the author's name. If there are, then you might have spotted a fake.
  3. Don't open the ebook directly on your computer — use cloud readers (for example, PocketBook Cloud or Google Drive's preview capabilities) instead of opening suspicious files on your machine.
  4. If you must open the book on your computer, disable third-party party plugins and JavaScript execution in your e-reader's settings.
  5. Scan the PDF file for a virus with antivirus software before opening it.
  6. Don't click any links inside the book or document.

If you suspect that a PDF file has already infected your computer, run a full antimalware check using your antivirus software.

 

If you want to protect your computer and mobile devices from all possible threats, use a reliable and versatile solution. With Clario, you’re not only getting all-encompassing real-time anti-malware protection, but also 24/7 assistance from a dedicated team of security professionals. Follow the instructions to bulletproof your device:

  1. Download Clario 
  2. Get a subscription to create an account 
  3. On the dashboard, click Device
  4. Hit Start scan and let Clario check your device for malware
  5. If there are any malicious files, follow the on-screen instructions to protect your device.

 

Use these precautions, and don't download suspicious PDF files from non-trustworthy websites if you can avoid them. It's better to pay for a book than for repairs to your machine if it gets infected. Happy reading!

 

Read more:

Keep reading

With our anti-malware on, viruses have no chance of passing through.

Get started