Evil-Pdf


Winston. I

9/2/2024 · 2 min read

In this post, I’m going to share a project I’ve been working on that shows how something as simple as a PDF file can be turned into a tool for stealing personal information. This project involves a Python script that creates a fake PDF designed to trick people into clicking on a pop-up message. Once they do, they’re redirected to a harmful website that steals their information. This kind of attack is sneaky, and understanding how it works can help you protect yourself.

What This Project Does

The goal of this project is to create a PDF that looks completely normal but contains hidden traps that can lead to your information being stolen. This script has the ability to do the following:

  1. Creates a Fake PDF: The script makes a PDF document that looks like an official or important file.

  2. Adds a Malicious Pop-Up: When someone opens the PDF, it triggers a fake pop-up message. If they click on it, they’re sent to a dangerous website.

  3. Grabs Your IP Address: The script also collects the IP address of the computer it’s running on, which could give attackers more information about the user.

The Script’s Components

Below is the Python code that brings everything together:

The script’s imports serve the following purposes:

  • os: This module interacts with the operating system, helping with file paths and locations.

  • socket: Used to retrieve the IP address of the machine running the script.

  • PyPDF2: A library for reading, modifying, and writing PDF files, including adding JavaScript to PDFs.

  • reportlab: A powerful library used to create new PDF files from scratch, allowing you to add text, format the document, and more.

1. Creating a Fake PDF

The script generates a PDF that looks legitimate, using reportlab to format the content professionally. This might include titles, paragraphs, and other text that makes the document appear trustworthy.

2. Adding a Malicious Pop-Up

Using PyPDF2, the script embeds JavaScript into the PDF. The embedded JavaScript is designed to show a fake pop-up message when the PDF is opened. If the user interacts with the pop-up, they are redirected to a malicious website.

3. Grabbing the IP Address

The script also uses the socket module to capture the IP address of the machine. This IP address could provide attackers with additional information about the user’s network or location.

Why This Is Dangerous

This type of attack is particularly dangerous because it plays on the user’s trust. The PDF looks completely normal, and the pop-up message seems like a regular interaction. By the time the user realizes something is wrong, their information might already be in the hands of the attacker.

How to Protect Yourself

To protect yourself from these types of attacks, here are some simple tips:

  • Be Careful with PDFs: If you receive a PDF from someone you don’t know or if the file seems suspicious, don’t open it.

  • Keep Your Software Updated: Make sure your PDF reader and other software are up to date. Updates often include security fixes that can help block these kinds of attacks.

  • Use Security Software: Consider using antivirus or anti-malware software that can scan PDFs and other files for potential threats before you open them.
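To make the scanning tip concrete, here is a small triage check for the markers this kind of PDF carries: JavaScript attached to an action that runs when the file is opened. It is an added example, not code from the original project; the function names, the verdict labels, and the two sample byte strings are assumptions made for illustration.

```python
import re

# Name keys that make a PDF "active": run-on-open hooks and script/URL/launch actions.
RISKY_NAMES = ("OpenAction", "AA", "JavaScript", "JS", "URI", "Launch")

_NAME_RE = re.compile(rb"/([A-Za-z0-9#_.\-]+)")
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def _decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, which PDF allows in names (/J#61vaScript is /JavaScript)."""
    return _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def count_risky_names(pdf_bytes: bytes) -> dict:
    """Count risky name tokens in the raw bytes of a PDF.

    Triage heuristic only: names inside compressed object streams are not
    visible to a raw scan, and binary data can produce stray matches.
    """
    counts = {name: 0 for name in RISKY_NAMES}
    for match in _NAME_RE.finditer(pdf_bytes):
        name = _decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def verdict(counts: dict) -> str:
    """Script plus an auto-run hook is 'suspicious'; either alone is 'review'."""
    has_script = counts["JavaScript"] or counts["JS"]
    auto_run = counts["OpenAction"] or counts["AA"]
    if has_script and auto_run:
        return "suspicious"
    if has_script or auto_run or counts["Launch"]:
        return "review"
    return "clean"


# Constructed fragments for illustration (placeholders, not working documents).
SAMPLE_ACTIVE = b"1 0 obj << /Type /Catalog /OpenAction << /S /J#61vaScript /JS (PLACEHOLDER) >> >> endobj"
SAMPLE_PLAIN = b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj"

if __name__ == "__main__":
    for label, data in (("active", SAMPLE_ACTIVE), ("plain", SAMPLE_PLAIN)):
        found = count_risky_names(data)
        print(label, verdict(found), {k: v for k, v in found.items() if v})
```

To check a real file, pass `open(path, "rb").read()` to `count_risky_names`. A "review" result is common for benign documents, since many use `/OpenAction` only to open at a specific page.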