New malicious PDF

A new type of malicious PDF file has recently been spotted in the wild.

This one contains an malicious object that was embedded into the file through the use of common the FlateDecode and ASCII85Decode filters for images.

The object in question is an .xml file containing a malicious .tiff file, detected by Trend Micro as a Trojan downloader.

The author(s) of this malicious PDF took advantage of an old and one recently discovered vulnerability to allow the Trojan to connect to various URLs and downloads additional malicious files.




Share this