PDF Malware Distribution Has Increased by 500%, as Reported by VirusTotal

A new edition of the “VirusTotal Malware Trends Report” series, which focuses mostly on “Emerging Formats and Delivery Techniques,” has been published by VirusTotal to understand the nature of malicious attacks better.

A representative subset of user submissions from January 2021 through the end of June 2023 was utilized for creating all the data in this report.

The attackers are increasingly employing new file types and tactics to circumvent detection. Email attachments continue to be a common means to propagate malware.

According to reports, campaigns are linked to reported rises of suspicious PDF files. Even while it seems as though the trend has gradually slowed down, it continues to encounter new campaigns in 2023, with the largest peak of suspicious PDF files ever recorded occurring in June 2023.

Also, attackers started adopting OneNote as a trustworthy substitute for macros in other Office applications in 2023, and antivirus (AV) software was originally taken aback by this new format.

 Additionally, there is a rise in the use of ISO files by hackers to disseminate malware, often by attaching them as compressed files that are challenging for security software to analyze.

The installation packages for a range of software, including Windows, Telegram, AnyDesk, and malicious CryptoNotepad, are being disguised as ISO files.

Malware Distribution Trends

Despite being a relatively ancient strategy, spreading malware using email attachments experienced a rise in popularity as early as 2022.

To better understand the development of defenses and the efficacy of various social engineering approaches, attackers combine the use of well-known distribution routes for malware with new forms.

“We have observed these PDFs being used for various purposes; for example, they could be “weaponized” to exploit a vulnerability, or simply contain a link to a phishing site that requests information”, according to the VirusTotal report.

By 2023, malware that is sent as an email attachment will increasingly be in the OneNote format. In 2023, it emerged as the most potent newcomer attachment format.

It allows attackers to include malicious URLs and other scripting languages, such as JavaScript, PowerShell, Visual Basic Script, and Windows Script, inside the document.

Due to its tremendous adaptability and resourcefulness for attackers, OneNote is now a trustworthy substitute for the traditional usage of macros by attackers in other Office products.

“Malicious OneNote files usually embed a malicious file (vba, html+jscript, PowerShell, or any combination of them) and, as happens with malicious Office attachments, try to convince the victim to allow execution”, reads the report.

Final Thoughts

The security industry must recognize the necessity for alternate file formats for malware transmission, and more effort must be made to thwart these emerging means of infection.

As legitimate websites are frequently used for malware distribution, it is advised that you monitor trends in malware distribution and actively check how your security stack responds to reduce infection risks proactively.

Include all logs to/from allowed legitimate websites in your analysis, and avoid focusing solely on anomalous traffic with your anomaly detection. 

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNews, Linkedin, Twitter, and Facebook.