Can a PDF have a virus? Yes, here’s how to protect yourself
PDF documents might seem innocent, but cybercriminals can use them to conceal malicious payloads capable of infecting your device with a virus. Thankfully, trusted Cyber Safety software, like Norton AntiVirus Plus, can scan documents and attachments for hidden malware, keeping you safer from hackers, viruses, and ransomware.
A PDF file can absolutely contain a virus — as well as other digital threats like ransomware, spyware, and phishing links. Read on to learn how cybercriminals hide malware in PDFs and spread them across the internet, and how you can help protect your devices from malicious downloadable files.
How can PDFs contain viruses?
A PDF may look like a simple image of text, but the seemingly innocuous format can hold much more than meets the eye, including hidden scripts, links, and embedded files. The ability to pack extensive content into a uniform, easily readable, and familiar-seeming file makes PDFs a convenient tool for various types of hackers.
Here’s a closer look at ways in which cybercriminals use PDFs to spread viruses and other threats:
- Malicious JavaScript: Normal PDFs can use JavaScript, a programming language, to run interactive features like forms or buttons. However, hackers can abuse scripts to run hidden code, exploit bugs in apps that read PDFs, or trigger downloads that install malware.
- Phishing links: Some PDFs contain clickable phishing links or QR codes that lead to fake websites; visiting such sites can trigger drive-by downloads of viruses. These files may look like legitimate invoices, delivery notices, or security alerts. Even if the PDF itself isn’t infected, clicking phishing links can expose you to scams, credential theft, and malware.
- Embedded files: Secondary payloads, such as malicious .exe or .dll files, can be embedded within a PDF document. They can be set to run when a victim opens the PDF or interacts with it in a certain way, such as by clicking on a link.
- PDF viewer vulnerabilities: Some malicious PDFs are built to target weaknesses in outdated or unpatched PDF readers. When opened, these files can take advantage of software bugs to run code on your device without permission. In some cases, the attack installs malware silently or steals data stored in your system.
The attack surface for PDF files is extensive, covering virtually any device capable of opening or viewing them. This broad reach puts PDFs high on the list of mobile security threats, and poses a particular risk for government employees, legal professionals, and those in healthcare who routinely handle sensitive information.
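The following Python script is added here as an example and is not part of the original article or any Norton product. It counts the PDF name objects behind the features listed above (scripts, auto-run actions, embedded files, links) in a file's raw bytes, without opening the file in a viewer. The indicator list and the SAMPLE and CLEAN byte strings are constructed for illustration.

```python
import re

# PDF name objects that correspond to the features described in the list above.
INDICATORS = {
    "/JavaScript": "embedded JavaScript",
    "/JS": "embedded JavaScript",
    "/OpenAction": "action that runs when the document opens",
    "/AA": "additional event-triggered actions",
    "/Launch": "action that launches an external program or file",
    "/EmbeddedFile": "embedded file attachment",
    "/URI": "link to an external URL",
}
# A name is "/" followed by characters that are neither whitespace nor delimiters.
NAME_RE = re.compile(rb"/[^\x00\t\n\f\r ()<>\[\]{}/%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so that /J#61vaScript is counted as /JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count risky name objects in raw PDF bytes without rendering the file."""
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no %PDF- header in the first 1024 bytes")
    counts = {}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group())
        if name in INDICATORS:
            counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed sample: an open action, a hex-obfuscated /JavaScript name, one link.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS 4 0 R >> endobj\n"
    b"3 0 obj << /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://example.com/invoice) >> >> endobj\n"
    b"%%EOF\n"
)
# Constructed sample with none of the indicators.
CLEAN = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for name, count in sorted(triage_pdf(SAMPLE).items()):
        print(f"{name:<14}{count:>3}  {INDICATORS[name]}")
```

A hit is a reason to look closer, not a verdict: many legitimate PDFs contain links and form scripts. Names stored inside compressed object streams are invisible to a raw byte scan, so an empty result does not prove a file is safe.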
How hackers spread infected PDFs
There are a few different ways cybercriminals spread infected PDFs, including email attachments in phishing messages, free ebook downloads, and social media.
Here’s a closer look at the main attack vectors:
- Email attachments: Victims can download and open malicious PDFs sent via phishing emails and spam. These emails often use urgent language or too-good-to-be-true deals to fool recipients.
- Malicious downloads: Downloading a free ebook or another “informational” PDF resource from a shady part of the internet can result in a malware infection.
- Drive-by browser attacks: Although less common today (because modern browsers tend to open PDF documents in sandboxed environments), this was once a serious attack vector. Older browsers relied on Adobe Reader plugins to render PDF documents, and vulnerabilities in those plugins allowed attackers to execute malicious code remotely when a user simply visited a compromised webpage.
- Social media: Malicious PDF documents can be sent to victims using social media applications or platforms like Facebook Messenger, WhatsApp, Telegram, or LinkedIn. What appears to be a friendly message or harmless ad could really be malicious.
What types of malware can PDFs have?
Malicious PDFs don’t usually contain malware themselves. More typically, they contain buttons or scripts that trigger malware downloads when the victim interacts with them, a bit like booby traps. Types of malware you could download from an infected PDF include ransomware, spyware, and RATs. Let’s dig in:
- Trojans: A Trojan horse virus is a type of malware disguised as something harmless that delivers or performs something malicious, usually without the user knowing. Thus, a virus-laden PDF document disguised as a tax invoice is itself an example of a Trojan.
- Ransomware: PDF documents have been used in ransomware campaigns. Victims are enticed with social engineering tricks to click a link in the PDF that eventually leads to a ransomware download. Ransomware can lock away your device’s sensitive files until you agree to pay a fee to a hacker.
- Remote access Trojans: Otherwise known as RATs, remote access Trojans give attackers complete remote control over your device. They can access your webcam, sensitive files, and accounts. They can also abuse your device to spread malware further afield.
- Spyware: This kind of malware covers keyloggers, credential stealers, trackers, and more. The main goal of spyware is to record your sensitive information, like your online banking login credentials, or track your phone.
Signs a PDF has a virus
Signs that you may have received a PDF containing a virus include out-of-the-blue messages from unknown senders, spoofed links, an urgent tone, and suspicious requests for permissions. Always err on the side of caution when it comes to PDF attachments: don’t open a file that raises your suspicions. Here’s a closer look at PDF red flags:
- PDF attachments from unknown senders: If you get an unexpected email from someone you don’t know, and it contains an attachment, send it right to your spam folder.
- Links that don’t match the displayed URLs: Hover over links with your mouse (on PC) or long-tap them (on mobile) to see the URL they lead to. If you see discrepancies or evidence of typosquatting, don’t click.
- Urgent warning messages: Be wary of PDFs that claim your account will be locked, your payment failed, or your computer is infected unless you act immediately. Hackers use alarming language to pressure you into clicking links or opening embedded files before you have time to think.
- Unexpected prompts requesting permissions: Often, malware contained within a malicious PDF will need certain permissions to run. If you open a PDF and you get requests for permissions to access your contacts, camera, or files, delete it and use a malware scanner to check your device for viruses.
What happens if you open a malicious PDF file?
Opening a suspicious PDF file or clicking links contained within it could lead to malware downloads, data theft, account takeovers, or a fully compromised device. Ultimately, cybercriminals aim to profit financially by getting their hands on your sensitive data or scamming you directly.
Exposing sensitive data to bad actors could even result in identity theft, the consequences of which could include ruined credit or crimes committed in your name. If an infected PDF contains keylogger malware, hackers could record your online banking login credentials and drain your accounts.
How to protect yourself from PDF viruses
Infected PDFs pose a risk to both businesses and individuals, but there are steps you can take to protect yourself. These include not opening unfamiliar files, keeping your software updated, disabling JavaScript in PDFs, and being phishing aware:
- Don’t open unfamiliar files: If you’re unsure about a PDF file’s provenance, you encountered it on an unfamiliar website, a stranger sent it to you via email, or you were led to it by an ad, don’t open or download it.
- Keep software updated: Software with unpatched vulnerabilities can be exploited by hackers, giving them access to your device and sensitive information. Don’t put off software updates.
- Disable JavaScript in PDFs: To help shield yourself from PDF-borne malware, you can simply disable JavaScript when viewing PDF documents, choosing to turn it on again only when you know you can trust the document.
- Be phishing aware: Reduce your chances of encountering a malicious PDF in an email attachment by asking yourself a few questions: Is this email unexpected? Is it trying to create a sense of urgency? Does it contain an offer that’s too good to be true? If the answer to any of these questions is “yes,” there’s a good chance it’s a phishing message.
- Use security software: Antivirus software exists to eliminate malicious files and alert you to potential threats — including infected PDFs. Comprehensive Cyber Safety software, like Norton AntiVirus Plus, can help you stay safer from spyware, viruses, ransomware, and even scams.
How to scan PDFs for viruses
When you’re suspicious of a PDF document and think it may contain a virus, scan it using antivirus software before you proceed. With Norton, scanning a file for malware is easy:
- Download Norton AntiVirus Plus.
- Sign in to your Norton account (or create one).
- Open the app and run a virus scan.
- Follow the instructions that appear on your screen.
Protect yourself from viruses with Norton
Protecting yourself from virus-laden PDFs and other cyberthreats doesn’t have to be confusing or difficult: let Norton AntiVirus Plus do the hard work for you.
This powerful Cyber Safety suite will help safeguard your device and sensitive data, alert you to potential scams, and automatically eradicate viruses. Plus, with a password manager and Deepfake Protection, you’ll be able to enjoy a safer browsing experience that’s freer from worry.
FAQs
Can you get a virus just by opening a PDF?
Yes, you can get infected just by opening a PDF, but there are a few things you can do to lessen the chances of this happening, such as keeping your software up to date, disabling JavaScript on PDF documents, and being aware of suspicious emails.
Are PDFs safe to open on my phone?
If you know where the file comes from, then opening a PDF on your phone should be fine. But remember that it isn’t safe to open a suspicious PDF of unknown provenance on any device — whether desktop or mobile.
Can a PDF give me a virus if I don’t open it?
No, PDF documents are data files, and they cannot execute on their own without you performing an action, such as opening the document or clicking on a link within the document.
How do I know if a PDF is safe?
To be sure that a PDF is safe, scan it using trusted antivirus software before opening or interacting with it.
How effective is antivirus software against malicious PDFs?
Antivirus software can be extremely effective against malicious PDFs, but it isn’t foolproof — some threats may still slip past its protection. To help close security loopholes and limit the damage that a malicious PDF can cause, it’s paramount to keep your antivirus software, apps, and operating system up to date.
Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.