New Attack Shows Weaponized PDF Files Remain a Threat

When it comes to packaging malware, the file format of choice remains Microsoft Word or Excel, but a recent attack using a PDF file to lure in victims caught the attention of researchers. The campaign — observed by HP Wolf Security — sent the maliciou PDF as an email attachment. Once opened, it used a variety of tactics to evade detection, embed malicious files, load remote exploits, and shellcode encryption, according to the researchers. The exploited vulnerability in this campaign (CVE-2017-11882) is over four years old, yet continues being used, suggesting the exploit remains effective for attackers." the HP Wolf team reported on the malicious PDF attack in a recent blog post.

Read more about it: Here