Help in regards to potential PDF threat

[Jazzbro77]

Was writing to you as I found out that my elderly mother opened a PDF (it contained of Powerpoint presentation of various old photographs) that she received from a friend (who probably got it from another friend, and so on, etc.). Needless to say we've warned her about this a million times, but sometimes these things don't always sink in.

Anyway, once I found out, I ran a MalwareBytes scan on her computer, and came back with a clean report. I also submitted the file to VirusTotal, and it found nothing either. She received the file via Gmail, so I'm assuming there was a bit of protection via their proprietary virus scanner (although things have gotten through that line of defense as well). Additionally, I disabled javascript in her Adobe Reader.

On top of that, is there anything else I can do, or any other entities which I can submit the file for examination. Was thinking about getting a supplemental anti-virus such as Bitdefender. Also, is there anything we should be on the outlook for? Just concerned that she might have downloaded a piece of Ransomware or other heavy duty hitter virus.

[Jazzbro77]

My apologies for the typo in the last line - I meant to say "or other heavy duty, hard-hitting virus" (pardon the clunky grammar).

 

 

[exile360]

Greetings,

In all likelihood the file is safe, assuming you verified the source.  That said, Malwarebytes for Windows targets such threats through its Exploit Protection component in the real-time protection of the Premium version, so scanning the file is unlikely to yield any results (Malwarebytes for Windows detects exploits through their behavior, not using traditional file signatures as this method is far more effective and efficient, especially for detecting new/unknown malware).

The protection provided in the paid version of Malwarebytes for Mac appears to mostly be based on more traditional threat signatures as well as heuristics (likely similar to the heuristics used in the Windows version for targeting a wider range of both known and new/unknown malware) and should provide sufficient protection on its own without the need for an additional antivirus, at least in my opinion and based on comments of others I've seen here on the forums.

I welcome anyone else to offer their advice, but were it me I'd likely keep Malwarebytes alone to avoid any potential conflicts or issues from running two active protection apps on the system, and since Malwarebytes for Mac has its own teams for Research and Development who specialize in dealing with threats on the Mac platform, I'm confident that Malwarebytes for Mac should provide adequate protection.

I hope this helps.

[alvarnell]

Mac malware embedded in a PDF is very rare and if for some reason it did contain something malicious, it would almost certainly have caused noticeable issues almost immediately after opening. 

Mac ransomware is likewise extremely rare and certainly none are known to be distributed by PDF. 

I think you have done more than enough to check this file out, but you are always free to submit it to the Research Center's Newest Mac Threats forum so it can be analyzed there.

[treed]

Just chiming in to say that, as stated, PDF malware that affects macOS is quite rare. However, I can go one step further to say that what PDF malware there has been in the past has always required that you open it with Adobe Acrobat Reader in order for it to do anything. I'm not aware of any cases where opening a malicious PDF in the macOS Preview app has resulted in infection, and that's the app the majority of Mac users use to open PDF files, as it's preinstalled and is what handles PDFs by default.

So, given that nothing is detecting the PDF itself as malicious, and assuming that your mother opened the file in Preview, chances of her being infected are so minuscule as to be not worth considering.  

[Jazzbro77]

Thanks for the replies, as it is appreciated. 

From what little I can tell, the file is a collection of vintage photographs that has been passed around various forums over the past couple of years. Even though indications are that it's harmless, the fact people are passing it around like it's 1995 is a bit concerning (especially as it seems to be aimed at an older audience).