MalDoc In PDF Attack Embeds Malicious Word Files Into PDF Files

Japan's JPCERT has unveiled a 'MalDoc in PDF' attack (July 2023) that hides harmful Word files within PDFs to avoid detection. JPCERT examined a polyglot file appearing as a PDF to scanners but opening as a Word doc. Polyglots merge formats and can be read differently by different apps. Cybercriminals exploit this by creating PDF-Word hybrids to slip past defenses. In this case, the PDF holds a Word doc with a VBS macro, triggering malware download when opened as a .doc in Microsoft Office. Details about the malware type are undisclosed by Japan CERT. Read more...