Novel PDF malware: injecting JavaScript into the encrypted section of Adobe Type 1 font binaries is not detectable by malware scanners and doesn't interfere with decryption/decompilation of the font (along with a new tool for malicious PDF analysis)

Web: https://www.reddit.com/r/Malware/comments/xeoo5g/novel_pdf_malware_injecting_javascript_into_the/

See [this Twitter thread](https://twitter.com/Cryptadamist/status/1570167937381826560) with most of the details/screenshots/virustotal links/etc.

Apologies if this isn't new but the fact that none of the malware detection tools alert on it coupled with the fact that I could find nothing about this sort of thing on the internet suggested to me that it was a new kind of thing. No idea if this exploits a still extant vulnerability or an old one.

The tool is the [the pdfalyzer](https://github.com/michelcrypt4d4mus/pdfalyzer); I just open sourced it. …

adobe analysis decryption encrypted javascript malicious malware pdf scanners tool