Laptop and tablet on desk

“Can PDFs have viruses?” is a frequently asked question when it comes to keeping your files safe. Unfortunately, the answer is yes. To make matters worse, hackers can also sneak in malicious code to infect your files and devices with malware and Trojans. But that doesn’t mean you should stop using them altogether. 

PDFs, or Portable Document Format, are one of the most widely used file types to exchange documents. They can contain everything from simple words to links, audio, and even videos. If you’ve received an email and clicked on an attachment (who hasn’t?), it will likely be a PDF. The bad news is threat actors can take advantage of this popular method of sending files by hiding a virus or malware in a PDF, which can lead to your smartphonetablet, or laptop becoming infected. 

Clicking and opening a PDF file can cause a virus or malware to start its dirty work. It’s nasty business, but there are ways to detect and defend yourself against PDF-based viruses.

How can PDFs contain viruses?

The most common way for a malicious PDF to infect your devices is through an email attachment or ebook websites. Since PDFs contain images, text, forms, and signatures, hackers can slip in malicious scripts and exploit vulnerabilities. This can be done in several ways:

JavaScript

JavaScript is a computer programming language that powers virtually everything on the web. It allows web developers to execute code to change a website’s or browser’s behaviour and functionality. PDFs also contain scripts that display signature blocks, print buttons, the current date, and more. Bad actors can hide their own malicious JavaScript code in a PDF that the standard user won’t notice, which can exploit vulnerabilities in PDF reading software.

Suspicious emails

Sometimes, attackers will try to dupe unsuspecting victims by sending them a seemingly harmless email. This is known as phishing. While the email may not contain malicious links, the attached PDF file will contain a virus in its script or links to download malware unknowingly. Email clients like Gmail have antivirus scanning measures to prevent users from opening dodgy attachments, but hackers have found ways to work around this.

Hidden objects

Cybercriminals can try to bypass antivirus software by embedding or encrypting objects in a PDF. These objects can be an image or a video, and as soon as they are clicked, they can launch the virus or malware.

How can I detect if a PDF has a virus?

Infected PDF files are found everywhere, including emails from an unknown source or when downloading an ebook, report, or free PDF template from an untrustworthy site. Fortunately, a PDF with a virus can’t cause harm if it isn’t opened. If you find something off about a PDF file you wish to open, it’s best to check if it contains harmful code before clicking on it. 

Mail app icon on iPhone

First and foremost, if you receive a suspicious email with an attachment but are unfamiliar with the sender, refrain from opening it. Attackers often masquerade as official-looking companies to trick users, but you may find inconsistencies in the email that don’t add up. This can include typos, strange-looking emails, or questions about your personal information that aren’t needed. If you still need clarification, contact the company directly to ask about the email. 

You can use online tools to scan a file before opening it. PDF Examiner by Malware Tracker allows users to upload a PDF file and tell you if there are any known exploits. 

Using the right PDF viewer will also go a long way in preventing a virus or malware from infecting your devices. While there are many free PDF viewers, software like Adobe Acrobat Reader will keep suspicious files in check thanks to routine security updates. Adobe invented the PDF file, after all. 

How to defend against a PDF virus

There are a few ways to prevent viruses or malware from creeping onto your device. One of the best ways is to disable JavaScript on your PDF reader. For those that use Adobe Acrobat Reader, follow the steps below:

  • On Windows, click Edit and navigate to Preferences. On Mac, select Acrobat / Acrobat Reader and click Preferences.
  • In Categories, select JavaScript.
  • In the JavaScript Security panel, uncheck Enable Acrobat JavaScript.

Another way to keep viruses or malware at bay is to use antivirus software. Windows and macOS have built-in antivirus software that can scan for unusual activity and eliminate unwanted viruses or malware. If you haven’t already, you can download Windows Defender

For even better security, you can download third-party antivirus software such as BitdefenderNortonMcAfee, and more. It can be tricky to find which antivirus app is best suited for you, and if you’re wondering, here’s how to choose the best antivirus software