Security News > 2024 > May > How attackers deliver malware to Foxit PDF Reader users

How attackers deliver malware to Foxit PDF Reader users
2024-05-15 13:25

Threat actors are taking advantage of the flawed design of Foxit PDF Reader's alerts to deliver malware via booby-trapped PDF documents, Check Point researchers have warned.

The researchers have analyzed several campaigns using malicious PDF files that are targeting Foxit Reader users.

NET and Python exploit builders, the most popular of which is the "PDF Exploit Builder", to create PDF documents with macros that execute commands/scripts that download and execute malware.

The threat actors are also taking advantage of the fact that some of the pop-up alerts Foxit Reader shows when opening these booby-trapped files make the harmful option the default choice.

Attackers are relying on users to ignore the text of the alerts and sail through them by quickly accepting the default options, and thus allow Foxit to execute the malicious command.

Foxit PDF Reader is used by over 700 million users around the world and has customers in the government and tech sectors.

News URL

Related vendor

Foxit 6 2 54 25 1 82