Specificially https://en.z-lib.gs/

I downloaded some pdfs from there and according to virustotal and some pdf online scanner i tried, they have something possibly malicious going on in them. I already deleted them but i opened them in firefox pdf reader. I dont have acrobat installed.

Scanning my system with malwarebytes now, but nothing is finding anything wrong and I havent seen any suspicious activity.

Here is the analysis itself.

https://www.virustotal.com/gui/file/f3140c932ab57256a8438eba31d18e4baee1413e7ec23d93b1c1f5194b6dea95/behavior

I’m starting to panic, please help if you have any advice

Thank you all, you are wonderful people

  • themoonisacheese@sh.itjust.worksEnglish
    17·
    6 days ago

    That virultotal report looks completely fine to me, including the behavior tab.

    Regardless, imagine what would happen if the firefox pdf reader was vulnerable to a well-known attack (of course there probably exist 0 days but they wouldn’t be burned on you). Any attacker could simply link you a PDF and you’d be infected simply for clicking the link? If this was true, people would stop using firefox because it would be insecure.

        • lukewarm_ozone@lemmy.todayEnglish
          1·
          14 hours ago

          Sure, in Firefox itself it wasn’t a severe vulnerability. It’s way worse on standalone PDF readers, though:

          In applications that embed PDF.js, the impact is potentially even worse. If no mitigations are in place (see below), this essentially gives an attacker an XSS primitive on the domain which includes the PDF viewer. Depending on the application this can lead to data leaks, malicious actions being performed in the name of a victim, or even a full account take-over. On Electron apps that do not properly sandbox JavaScript code, this vulnerability even leads to native code execution (!). We found this to be the case for at least one popular Electron app.