Cybercriminals Turn to PDF Files to Deliver Malicious Payloads

Q1 2019 saw a marked increase in the use of PDF files to deliver malware, according to the Q1 2019 Cyber Threat Report from SonicWall.

Office documents containing malicious macros are still extensively used to deliver malware, but thanks to security awareness training, employees are wary of Office documents and have been instructed not to enable macros in Office files.

PDF files are extensively used by businesses, so end users are likely to encounter these files on an almost daily basis. PDF files are also more likely to be trusted by end users, in the mistaken belief that they are benign, which is not always the case. SonicWall data shows PDF files are becoming much more popular with cybercriminals for that very reason, and trust in PDF files is being abused in a new wave of attacks.

These files do not house malware. Instead, they contain links that users are instructed to click for a variety of seemingly valid reasons. When end users click the links, they are directed to phishing websites where login credentials are harvested or malware is downloaded.

In addition to a high probability of a click, many cybersecurity solutions are unable to detect the links as malicious. These attacks are especially effective on small- and medium-sized businesses, which tend to lack advanced cybersecurity solutions capable of detecting and blocking these threats.
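
When triaging a suspicious attachment, the link targets can be pulled out of the PDF and handed to URL filtering or reputation checks. The Python sketch below is an added example, not code from SonicWall or the original article. It reads `/URI` link actions from plain objects and from Flate-compressed streams; the sample PDF fragment, its hostnames and the `unexpected_hosts` allowlist helper are constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlsplit

# "/URI" followed by a literal "(...)" or hex "<...>" string. The action-type
# name in "/S /URI" is skipped because no string follows it directly.
URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)", re.S)
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.S)

def _scan(buf):
    out = []
    for m in URI_RE.finditer(buf):
        if m.group(1) is not None:   # literal string: undo \( \) \\ escapes
            raw = re.sub(rb"\\([()\\])", rb"\1", m.group(1))
        else:                        # hex string: odd length is padded with 0
            digits = b"".join(m.group(2).split())
            raw = bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode())
        out.append(raw.decode("latin-1"))
    return out

def extract_uris(pdf_bytes):
    """Return link targets found in plain objects and in Flate-compressed streams."""
    uris = _scan(pdf_bytes)
    for m in STREAM_RE.finditer(pdf_bytes):
        try:  # decompressobj tolerates the end-of-line bytes before "endstream"
            uris += _scan(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue                 # not Flate data (image, other filter, encrypted)
    return list(dict.fromkeys(uris)) # de-duplicate, keep first-seen order

def unexpected_hosts(uris, allowed):
    """Hosts that are not in, or under, the organisation's allowlist."""
    hosts = {(urlsplit(u).hostname or "") for u in uris}
    return sorted(h for h in hosts
                  if not any(h == a or h.endswith("." + a) for a in allowed))

def build_sample():
    """Constructed PDF fragment: one plain link, one inside a compressed stream."""
    plain = (b"1 0 obj\n<< /Subtype /Link /A << /S /URI "
             b"/URI (https://login.example.test/reset\\(1\\)) >> >>\nendobj\n")
    hexurl = b"https://files.example.test/doc".hex().encode()
    packed = zlib.compress(b"<< /Subtype /Link /A << /S /URI /URI <" + hexurl + b"> >> >>")
    objstm = (b"2 0 obj\n<< /Type /ObjStm /Filter /FlateDecode /Length %d >>\nstream\n"
              % len(packed)) + packed + b"\nendstream\nendobj\n"
    return b"%PDF-1.5\n" + plain + objstm + b"%%EOF\n"

if __name__ == "__main__":
    found = extract_uris(build_sample())
    print(found, unexpected_hosts(found, ["example.com"]))
```

Encrypted documents and streams using filters other than FlateDecode are not decoded here, so an empty result does not show that a file carries no links.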

SonicWall reports that it detected 74,000 never-before-seen attacks in 2019, yet already in 2019 it has detected 173,000 new malware variants. In March alone, 83,000 never-before-seen malicious events were detected by SonicWall’s Real-Time Deep Memory Inspection technology. Out of those 83,000 unique threats, 67,000 involved PDF file attachments that linked to scams and 5,500 PDF files directly linked to malware.

“By forcing malware to reveal its weaponry into memory, RTDMI detects and proactively stops mass-market, zero-day threats and unknown malware accurately utilizing real-time, memory-based inspection techniques,” explained SonicWall.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news