A security firm has found a malicious PDF sample that exploits a Google Chrome zero-day whenever the PDF file is opened with the built-in viewer of Google's web browser.
EdgeSpot, a security firm, found that the purpose of the exploitation is to track users, which could help in future malicious attacks and exploitation. When the same file was opened in other PDF viewers such as Adobe Reader, no malicious activity was noticed.
"When the sample [PDF file] is opened in Google Chrome from our local disk... we observed that some outbound traffic has been made, and data was sent to the domain 'readnotify.com' while there's no user interaction, in other words, the data was sent out silently without the user’s approval," explained the EdgeSpot team in a blog post.
According to the research, the PDF documents used information from the user's device, such as the OS version, Chrome version, the PDF file's path on the computer, and the IP address, when contacting the remote domain.
The researchers identified two different malicious PDF files, one around October 2017 and the other in September 2018. The first batch of malicious PDF files directed users towards “readnotify.com”, whereas the other was directed towards the domain “zuxjk0dftoamimorjl9dfhr44vap3fr7ovgi76w.burpcollaborator.net”.
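A defender's triage check for the behaviour described above, as an added example that is not from EdgeSpot or the original article: it lists automatic-action and outbound-request keys in a PDF and flags hostnames under the two domains named above. The key list and the `triage` helper are assumptions (the article does not describe the mechanism), and the embedded sample is constructed.

```python
import re
import zlib

# Domains the article names as contacted by the sample PDFs.
REPORTED_DOMAINS = ("readnotify.com", "burpcollaborator.net")
# Standard PDF names for auto-run actions, scripts and outbound requests.
KEYS = (b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/SubmitForm", b"/URI")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
HOST_RE = re.compile(rb"https?://([A-Za-z0-9.-]+)")
NAME_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def _inflate(match):
    """Replace a stream with its inflated bytes when it is zlib data."""
    try:
        return zlib.decompressobj().decompress(match.group(1))
    except zlib.error:
        return match.group(1)  # other filter or damaged: keep raw bytes


def triage(data: bytes) -> dict:
    """Report action keys and hostnames found in a PDF's bytes."""
    text = STREAM_RE.sub(_inflate, data)
    # Undo #xx escapes so an obfuscated /Open#41ction matches /OpenAction.
    text = NAME_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), text)
    keys = sorted(k.decode() for k in KEYS
                  if re.search(re.escape(k) + rb"(?![A-Za-z0-9])", text))
    hosts = sorted({h.decode().lower().rstrip(".") for h in HOST_RE.findall(text)})
    reported = [h for h in hosts
                if any(h == d or h.endswith("." + d) for d in REPORTED_DOMAINS)]
    return {"keys": keys, "hosts": hosts, "reported": reported}


# Constructed fragment (not the real sample, not a complete PDF); the
# hostname sub.readnotify.com is made up for the demonstration.
_INNER = b"<< /S /URI /URI (http://sub.readnotify.com/v) >>"
SAMPLE = (b"%PDF-1.4\n1 0 obj << /Open#41ction 2 0 R >> endobj\n"
          b"2 0 obj << /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(_INNER) + b"\nendstream endobj\n%%EOF")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Raw-byte scanning does not see encrypted streams or streams using other filters, so an empty result is not a clean verdict.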
Patrick Wardle, a Mac malware security expert, said that the whole purpose of the first batch of files was to track people who viewed the file, using ReadNotify’s document tracking system, which has been available since 2010. There was no malicious activity involved even after exploiting the Chrome bug, but users are unaware of it.
As for the second batch, its nature has not yet been identified; it is unclear whether it was just for tracking or a serious threat.
EdgeSpot reported the vulnerabilities to Google in December last year, and Google promised to resolve the issue by April 2019.
For now, users are advised to view their PDF files in desktop apps instead of Chrome's built-in viewer, or to disconnect from the internet when viewing PDFs in Chrome.