Threat actors are exploiting a vulnerability in Foxit PDF Reader's alert system to deliver malware through booby-trapped PDF documents, according to researchers at Check Point.
The researchers have identified several campaigns targeting Foxit Reader users with malicious PDF files.
Threat actors are exploiting the fact that some of the pop-up alerts in Foxit Reader make the harmful option the default choice when opening these compromised files.
The first pop-up alert warns users that certain features are disabled to avoid potential security risks, giving them the option to trust the document one time only or always.
Once the user clicks OK, another alert appears.
Attackers are banking on users ignoring the alert text and quickly accepting the default options, thereby allowing Foxit Reader to execute the malicious command.
Foxit PDF Reader, used by over 700 million people globally, including in government and tech sectors, has been exploited by various threat actors ranging from e-crime to APT groups.
These groups have been leveraging this exploit for years, often evading detection by most antivirus software and sandboxes that primarily focus on Adobe PDF Reader.
Check Point has reported the exploit to Foxit, and the company has announced plans to address it in version 2024 3.
Efforts to reach Foxit for further comments have yet to receive a response.
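Because the command runs as a child of the reader once the default options are accepted, defenders can watch for processes started by Foxit PDF Reader. The sketch below is an added example, not code from Check Point or Foxit; the executable names, event field names and sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed Foxit executable names (not stated in the article); adjust to your fleet.
FOXIT_IMAGES = {"foxitpdfreader.exe", "foxitreader.exe"}
# Command interpreters and script hosts a PDF viewer has no routine reason to start.
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

def image_name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path or "").lower()

def triage(events):
    """Return findings for processes started by Foxit PDF Reader."""
    findings = []
    for ev in events:
        parent = image_name(ev.get("parent_image"))
        child = image_name(ev.get("image"))
        if parent not in FOXIT_IMAGES or child in FOXIT_IMAGES:
            continue  # not a Foxit child, or the reader re-launching itself
        findings.append({
            "severity": "high" if child in INTERPRETERS else "review",
            "host": ev.get("host"),
            "child": child,
            "command_line": ev.get("command_line", ""),
        })
    return findings

# Constructed sample events (field names are hypothetical, not a real log schema).
FOXIT = r"C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReader.exe"
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent_image": FOXIT, "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c <constructed placeholder>"},
    {"host": "ws-01", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe"},
    {"host": "ws-02", "parent_image": FOXIT, "image": FOXIT, "command_line": ""},
    {"host": "ws-03", "parent_image": r"C:\Apps\FoxitReader.exe",
     "image": r"C:\Windows\splwow64.exe", "command_line": "splwow64.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["severity"], finding["host"], finding["child"])
```

Findings marked `review` are children outside the interpreter list, such as print helpers, and usually need an allowlist tuned to the environment.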
This Cyber News was published on www.cysecurity.news. Publication date: Sun, 19 May 2024 04:43:05 +0000