A new antivirus evasion method that includes inserting a malicious Microsoft Word file within a PDF file has been brought to light by cybersecurity researchers. According to JPCERT/CC, the cunning technique, known as MalDoc in PDF, was used in an actual assault in July 2023.
Despite having magic numbers and a PDF file structure, a file created with MalDoc may be accessed in Word, according to researchers Yuma Masubuchi and Kota Kino. When a Word document with a configured macro is opened, VBS starts up and engages in malicious actions. These specifically created files—in this case, both PDF and Word (DOC)—are known as polyglots because they are a legal representation of multiple separate file formats.