The exploit analysis firm EdgeSpot recently discovered a PDF exploit that uses
steganography to hide malicious JavaScript code in images embedded in PDF files.
“Shortly after last week’s discovery of a PDF exploit which used the method of this.getPageNumWords() & this.getPageNthWord() for obfuscation, we found another, but much more powerful exploit obfuscation technique in PDF exploits,” reads the analysis published by EdgeSpot.
“This technique uses a so-called “steganography” method to hide malicious Javascript code in images embedded in PDF files, it is so powerful as it could bypass almost all AV engines.
The sample was detected as “exploit CVE-2013-3346” by our EdgeLogic engine, same as the previous one.”
Attackers can use specially crafted PDF documents to bypass detection by antimalware software.
Experts pointed out that the sample they analyzed was first seen on VirusTotal in October 2017, but last week its detection rate was still very low: only one antivirus engine was able to detect it.
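
A defender-side triage sketch for the techniques described above, added here as an example and not taken from EdgeSpot's analysis or its EdgeLogic engine: it inflates Flate-compressed streams before searching for the getPageNumWords/getPageNthWord calls, and records whether the file also carries JavaScript and embedded images. The function names, the "review" rule and the sample bytes are assumptions constructed for illustration.

```python
import re
import zlib

# API names the article reports being used for obfuscation.
OBFUSCATION_CALLS = (b"getPageNumWords", b"getPageNthWord")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
JS_RE = re.compile(rb"/(?:JavaScript|JS)\b")
IMAGE_RE = re.compile(rb"/Subtype\s*/Image\b")


def decoded_views(pdf_bytes):
    """Return the raw file plus every stream body, inflated where it is zlib data."""
    views = [pdf_bytes]
    for match in STREAM_RE.finditer(pdf_bytes):
        body = match.group(1)
        try:
            # decompressobj tolerates a truncated tail, unlike zlib.decompress
            views.append(zlib.decompressobj().decompress(body))
        except zlib.error:
            views.append(body)  # not Flate data (or another filter): keep raw
    return views


def triage(pdf_bytes):
    """Summarise the signals a responder would check before deeper analysis."""
    views = decoded_views(pdf_bytes)
    calls = sorted({c.decode() for c in OBFUSCATION_CALLS for v in views if c in v})
    has_js = any(JS_RE.search(v) for v in views)
    has_image = any(IMAGE_RE.search(v) for v in views)
    # Assumed rule: JavaScript plus a word-extraction call warrants manual review.
    return {"javascript": has_js, "image": has_image, "calls": calls,
            "review": has_js and bool(calls)}


def build_sample(script):
    """Constructed PDF-like bytes (not a real sample): JS in a Flate stream plus an image."""
    data = zlib.compress(script)
    return b"".join([
        b"%PDF-1.7\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Filter /FlateDecode /Length ", str(len(data)).encode(),
        b" >>\nstream\n", data, b"\nendstream\nendobj\n",
        b"3 0 obj\n<< /Type /XObject /Subtype /Image /Length 4 >>\n",
        b"stream\n\x00\x01\x02\x03\nendstream\nendobj\n%%EOF\n",
    ])


if __name__ == "__main__":
    print(triage(build_sample(b"var w = this.getPageNthWord(0, 1);")))
    print(triage(build_sample(b"app.alert('hello');")))
```

This is a first-pass filter only: it does not decode other stream filters or hex-escaped PDF names, so a clean result does not clear a file.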