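@comment{
  pirker_curious_2020: conference paper in the ICISSP 2020 proceedings
  (Volume 1). Per its abstract, it covers PDF built-in features that can
  be misused for credential phishing, loss of privacy and malicious code
  execution, plus ways to obfuscate such content while staying
  standard-conformant.
  The keywords field holds the exporting repository's internal tags
  (research group, access status, review status), not subject terms.
  This record has no doi or pages field. The url is a publisher query
  link, so prefer a DOI once it has been confirmed against the
  publisher record.
}
@inproceedings{pirker_curious_2020,
  author    = {Pirker, Martin and Lindenhofer, Julian and Offenthaler, Rene},
  title     = {A Curious Exploration of Malicious {PDF} Documents},
  booktitle = {Proceedings of the 6th {International Conference on Information Systems Security and Privacy} - Volume 1: {ICISSP}},
  month     = feb,
  year      = {2020},
  isbn      = {978-989-758-399-5},
  url       = {https://www.scitepress.org/PublicationsDetail.aspx?ID=a4IHFkdWePg=&t=1},
  abstract  = {The storage, modification and exchange of digital information are core processes in our internet connected world. Common document formats enable this digital information infrastructure. More specifically, the widely used PDF document format is a commodity container for digital information. Although PDF files are a well established format, users may not know that they contain not only simple textual information, but can also embed pieces of program code, sometimes malicious code. This paper explores the capabilities of the PDF format and the potential of its built-in functions for malicious purposes. PDF file processors that implement the full PDF standard also potentially enable credential phishing, loss of privacy, malicious code execution and similar attacks via PDF documents. Furthermore, this paper discusses the results of practically evaluated, working code snippets of PDF feature misuse and strategies to obfuscate and hide malicious code parts in a PDF document, while still conforming to the PDF standard.},
  keywords  = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, closed Access, peer-reviewed},
}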