Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus


Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file.

The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023.

“A file created with MalDoc in PDF can be opened in Word even though it has magic numbers and file structure of PDF,” researchers Yuma Masubuchi and Kota Kino said. “If the file has a configured macro, by opening it in Word, VBS runs and performs malicious behaviors.”

Such specially crafted files are called polyglots as they are a legitimate form of multiple different file types, in this case, both PDF and Word (DOC).

Read more…