Can PDFs Contain Viruses? 4 Critical Things to Watch Out For


Adobe PDF (Portable Document Format) files were once known to be immune to viruses. However, since CNET announced a new virus was traveling in PDFs in 2002, many users continue to wonder if PDFs are safe.

Can PDFs contain viruses? 

Yes, Adobe PDF documents can carry various types of viruses or malicious executable code. Malware is primarily hidden in multimedia content, hyperlinks, JavaScript code, and system commands. The malware attack executes when users open the file or interact with the embedded content after opening.

These files include static components like images and text plus dynamic details like forms. While PDF elements make the document understandable, functional, and visually appealing, they can be corrupted to carry out malicious functions. Let’s go over what to look out for, how to check your PDFs for viruses, and how to protect your system from attacks hidden in this file format.

Multimedia Content May Include Hidden Risks

A PDF document with multimedia content, such as Adobe Flash, video, and audio, can be easily corrupted using malware embedded within the multimedia files. This tactic is considered a trojan named for the Trojan Horse method of hiding an attack within something outwardly deemed harmless.

Typically, you can download and play the video or audio successfully. However, if no malware protection measures are in place, a virus can launch and carry out its background tasks. Therefore, you should always use an antivirus scanner to check embedded multimedia content.

These files may also contain hyperlinks that redirect you to malicious sites or code the attacker uses to manipulate your system remotely.

PDF documents have a different level of psychological trust than a webpage. But, hyperlinks in PDF text can be just as harmful. Since it’s normal to find links to helpful resources within PDFs, attackers may use this to lead you to malicious sites. The hacker can compromise your system with unsolicited downloads or manipulate you into providing some information you wouldn’t otherwise give.

Most antivirus software is capable of identifying infected hyperlinks. Still, knowing whether the PDF source you are downloading is safe and checking whether the hyperlinks are relevant to the document’s content is an essential step.

Pro Tip: Hover over any hyperlinks to see where they will take you. You’ll see a small tooltip in the lower left of the page in a browser’s PDF reader.

Can pdfs contain viruses? 4 critical things to watch out for

Most PDF reader application will show you the same link destination near your cursor when you hover over a link

Can pdfs contain viruses? 4 critical things to watch out for

Do not trust that the web address/URL you see printed is the same as the hyperlink address you’ll be forwarded to.

JavaScript Can Be Destructive

JavaScript is a programming language responsible for the creation of dynamic elements and graphics. It’s mostly used in website pages to control the functionality and the appearance of content. However, attackers use JavaScript to exploit specific PDF reader vulnerabilities to initiate malware.

The best way to tackle malicious JavaScript files is to disable JavaScript within your PDF reader. However, doing so can reduce the document’s functionality, so checking for a virus first is the best way to go.

Code-Manipulated System Commands Wreak Havoc

A PDF file can contain code that instructs your computer to execute a command. But, if this code is infected with a virus, the command’s fulfillment will launch malware and compromise your system. It’s critical to use the official Adobe Reader and keep it updated to guard against these types of command-level attacks and protect your system.

How to Check a PDF File for Viruses

Especially if you receive PDFs from suspicious senders, it’s vital to scan the document for any viruses. Sometimes you can extract a safe copy of the file, but other times, it’s best not to open the document.

The following are tools you can use to check PDFs for any malware:

VirusTotal

VirusTotal is an excellent and free online tool you can use to determine whether a PDF file is safe. It uses virus-signal detection and other identification functions to assess the safety of a PDF. It states the detected threats clearly so that you can choose to continue interacting with the file or not.

Pro Tip: Before downloading a PDF, you can submit the web address or URL of a PDF to VirusTotal. The site will scan the file giving you greater assurance it’s safe. This an excellent step to take prior to downloading, linking to, or forwarding a PDF from your smartphone.

VirusTotal also allows you to check whether URLs found in a PDF are safe. Right-click, copy, and paste the link into the URL option on VirusTotal to quickly scan the destination before visiting the website. This way, you can protect yourself from harmful redirects and downloads.

Antivirus

Your computer’s local antivirus provides you the most comprehensive protection scanning PDF files upon download. After using VirusTotal to check a PDF document before downloading, we recommend running your antimalware software to detect any other problems the online malware scanner might have missed.

Remember that most operating systems like Microsoft Windows and Apple macOS now include security features with built-in virus and malware software. Additionally, there are many free, third-party options like BitdefenderAvast, and Kaspersky that focus on detecting malicious code and executable files.

Pro Tip: Mobile device antivirus or antimalware is unnecessary for most users and tasks, including reading PDF files. Focus on keeping your desktop or laptop secure and updated.

How to Protect Yourself from Malicious PDFs

Man wearing helmet protecting his laptop from pdfs containing viruses

While it’s tough to prevent yourself from encountering PDFs with viruses, you can mitigate some threats.

The following tips can help you stay safe while using PDFs:

Update Your PDF Reader

The reason that software updates are provided is mainly to improve functionality and patch identified vulnerabilities in the currently-installed software. It’s best to use the reader application directly from Adobe Acrobat Reader. But regardless of which PDF viewer you’re using, always update your software when it notifies you.

Be careful when following through with any notifications about app updates. Instead of following links to update your PDF reader from a third-party website, popup notification, or a sent link, update your PDF editor or reader from within the application itself. Alternatively, visit the official website and download the latest version.

This strategy can only shield you from infections that are manipulating already-known viruses and vulnerabilities and not newly-developed ones. Since attackers know that many users are lazy about updating their software, many don’t aim to create new threats; instead, they use old ones.

Disable JavaScript on Your PDF Reader

It’s vital to disable JavaScript when opening PDFs from untrusted sources, so an infected document doesn’t execute destructive JavaScript code. This strategy was introduced by Adobe in 2009 when they experienced threats through malicious alterations of JavaScript code in files.

The instructions for turning off JavaScript in Adobe are:

  1. Run Acrobat or Adobe Reader.
  2. Choose Edit and select Preferences.
  3. Pick the JavaScript Category.
  4. Look up the ‘Enable Acrobat JavaScript’ option and uncheck it.
  5. Finalize the process by clicking the OK button.

Whatever PDF reader you’re using, you can follow the specific steps provided on their official website to disable JavaScript.

Keep Your System and Applications Up to Date

Your PDF reader isn’t the only software susceptible to attacks through PDFs. All your software needs to be updated so that malware rarely slips through any cracks.

Sometimes, the security measures of your browser or PDF reader might be insufficient. Your antivirus scanner may also not catch malware before you open a PDF. Your left depending on your operating system and other software to protect itself.

The more security measures you have, the higher your chances are of protecting your system holistically. The first step to cybersecurity is keeping all your software updated.

Use Your Browser’s Built-in PDF Reader

Most widely-used browsers like Google Chrome, Firefox, Safari, and Microsoft Edge have a built-in PDF reader. These browser readers have a sandbox that provides device protection from many threats present in a PDF.

To use your browser for reading PDFs, you need to set it as your default reader software for the file type. Alternatively, you can uninstall other PDF reader programs.

Using a browser to read PDFs will help protect you when opening files with malicious payloads. It’s still a good idea to manually check PDFs using a virus program before you download them or directly after downloading before opening.

Avoid Email Attachments Sent By Unknown Senders

PDFs are often sent via email since it’s become a defacto standard for providing a view-only document. Even when you know the sender, be suspicious as some viruses leverage your contacts’ trust to spread.

Close-up of man's face wearing goggles with reflection of email which has a pdf that might contain a virus

Suppose you’re using email providers like Google’s Gmail or Apple’s iCloud. In that case, these companies scan email attachments for viruses paying particular attention to files with higher known threats. Business file attachments with file extensions like .docx, .xlsx, .pdf contain features and executable code that simple text files do not have. Treat these email attachments as if they are infected files.

When you see an unknown sender’s email, do not open attachments with a PDF file extension or otherwise. If you’ve already opened the message in your email client, avoid downloading or opening the PDF, which may deploy malware instantly.

Use A Virtual Machine

If you handle numerous PDFs or are curious about some files you get, another way to ensure your systems aren’t compromised is by using a virtual machine. This way, you can isolate your operations and safely browse the PDF links and the overall operations on the file.

virtual machine is a computer inside a computer in the form of software. It enables you to use an operating system within your existing operating system to execute trial operations in a safe, isolated environment.

Here’s a video explaining what a virtual machine is in less than a minute:

Final Thoughts

Like many other internet files, a PDF can contain a virus. It could be hidden in multimedia files, JavaScript code, hyperlinks, or system commands. The virus can be deployed to your system by opening the file or carrying out specific tasks. Nevertheless, you can check any PDF for any malware and protect your systems from infection using effective cybersecurity tactics.

Looking for our latest recommendation on PDF viewing and editing? Check out our Recommended Tech page.

Mike Chu

Mike is a web developer and content writer living as a digital nomad. With more than 20 years of devops experience, he brings his "programmer with people skills" approach to help explain technology to the average user. Check out his full author bio by clicking here.

Recent Posts