Hi. I downloaded and opened an unknown PDF in Acrobat on my MacBook that contains phishing and trojan code. (Unfortunately I opened it in the non-sandboxed full version of Acrobat).
While I did not click on any of the links in the PDF, as I noticed it was clearly a phishing attempt, I was unaware that simply opening it could run JavaScript and compromise my Mac.
I don’t know if it did compromise my Mac, but yesterday I uploaded the PDF to VirusTotal and 4 of the 62 vendors detected it as phishing. Today, 11 of the 62 vendors detect it, both as phishing and as a trojan. In VirusTotal’s sandbox, it clearly is adding/deleting/dropping files.
The sandbox that runs on VirusTotal may only be running in a Windows environment though, as that appeared to be the file structure. I don’t think VirusTotal’s sandboxes would mimic loading that PDF in a non-sandboxed Acrobat on a Mac.
The PDF file is now only in my “trash”. I purchased and ran an Avast scan on my Macbook just now, and it did not detect any malware issues (or that virus file). I’m concerned it may not be catching potential changes it made to my system and a planted trojan - since this may be a new threat.
EDITED: I did just send the PDF file to Avast as a false negative so they can add it to their definitions, as well as determine if it is leaving malware or trojan code on Macs. Hopefully they will do this, as I don’t know what their process/policy is.
The PDF file is now only in my "trash". I purchased and ran an Avast scan on my Macbook just now, and it did not detect any malware issues (or that virus file).
Does Avast scan the trash folder? I don't know, as I don't use Avast.
I do see it is now detecting it on VT; however, if I right-click on that PDF on my computer (in my Downloads folder), it says "No Threats Found". My Avast is updated as of a minute ago.
I’m mostly concerned about any trojan/malware it may have left on my Mac. I’m hoping that the scripts were only written for Windows. How would I check that, as I am relying on Avast right now to see if there are any traces? But since it says the file is fine, maybe it means there is no threat on a Mac?
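One local check a defender can run on a suspicious PDF, regardless of what the antivirus reports, is to look for the PDF name objects that attach active content (JavaScript, open-actions, launch actions, embedded files). The script below is an added example, not code from any poster in this thread or from Avast or VirusTotal; the sample PDF it builds is constructed inline and is inert, and the list of names is taken from the PDF specification.

```python
import re
import zlib

# PDF names that attach active content or external references.
# A hit is a triage signal worth a closer look, not proof of malice.
RISKY_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
               b"/EmbeddedFile", b"/SubmitForm", b"/URI")


def _inflate_streams(data: bytes) -> bytes:
    """Return the raw bytes plus the inflated body of every FlateDecode
    stream, so names hidden inside compressed objects are also visible."""
    out = [data]
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            out.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-compressed or corrupt; skip this stream
    return b"\n".join(out)


def triage_pdf(data: bytes) -> dict:
    """Count each risky name in the PDF (raw bytes and inflated streams).
    Returns {name: count} for the names that actually appear."""
    text = _inflate_streams(data)
    counts = {}
    for name in RISKY_NAMES:
        # Negative lookahead so "/JS" does not also match a longer name.
        n = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", text))
        if n:
            counts[name.decode()] = n
    return counts


def build_sample_pdf() -> bytes:
    """Constructed test input: a catalog whose /OpenAction points at a
    JavaScript action whose code sits in a FlateDecode stream."""
    js = zlib.compress(b"app.alert('constructed sample');")
    return b"\n".join([
        b"%PDF-1.4",
        b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj",
        b"2 0 obj << /S /JavaScript /JS 3 0 R >> endobj",
        b"3 0 obj << /Filter /FlateDecode /Length %d >>\nstream\n" % len(js)
        + js + b"\nendstream\nendobj",
        b"%%EOF",
    ])


if __name__ == "__main__":
    print(triage_pdf(build_sample_pdf()))
```

Names written with `#xx` hex escapes, streams using filters other than FlateDecode, and object streams are not decoded here, so an empty result is not proof that a file is safe; run it on a copy of the file, never by opening the file in a viewer.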
3. I'm mostly concerned about any trojan/malware it may have left on my Mac. I'm hoping that the scripts were only written for Windows. How would I check that, as I am relying on Avast right now to see if there are any traces? But since it says the file is fine, maybe it means there is no threat on a Mac?
There is no malware help or log check to be had in this forum any more; all the experts have left the building.
The report indicates that the file is a PDF exploit kit (EK) used to deliver malware. Specifically, it is detected as a type of PDF exploit kit known as “LunchDrop” or “LunchDrop SKM”, which is a family of PDF exploits that target vulnerabilities in Adobe Acrobat and Adobe Reader.

The file dates back to 2022, with the earliest detection being reported on February 16, 2022. However, it’s likely that the file was created earlier and was distributed through various channels, including email spam, phishing campaigns, or drive-by downloads.

The malware is designed to exploit vulnerabilities in Adobe Acrobat and Adobe Reader to execute arbitrary code on the victim’s system. The malware can lead to the installation of additional malware, including ransomware, trojans, and other types of threats.

It’s essential to note that the file is not a legitimate PDF document and should be treated as malicious. If you have opened or downloaded this file, it’s recommended to immediately disconnect from the internet, update your antivirus software, and run a full scan of your system to detect and remove any potential malware infections. (See the sites with qualified malware removers that Pondus mentioned to you, which may help you remove the malware under guidance. Remember, such a routine is strictly personal and not a general routine.)

Remember to always exercise caution when opening or downloading files from unknown sources, especially if they are in PDF format. It’s also crucial to keep your software and operating system up to date with the latest security patches and updates.