this post was submitted on 16 Jan 2025
25 points (82.1% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

55647 readers
586 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):

💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 2 years ago
MODERATORS
db0@lemmy.dbzer0.com
sunbrothersco@lemmy.dbzer0.com
dataprolet@lemmy.dbzer0.com
Flatworm7591@lemmy.dbzer0.com
RandomLegend@lemmy.dbzer0.com
25
is z-library safe? Am i infected after running pdf from there? (sopuli.xyz)
submitted 1 week ago* (last edited 1 week ago) by reksas@sopuli.xyz to c/piracy@lemmy.dbzer0.com
21 comments fedilink hide all child comments
 

Specificially https://en.z-lib.gs/

I downloaded some pdfs from there and according to virustotal and some pdf online scanner i tried, they have something possibly malicious going on in them. I already deleted them but i opened them in firefox pdf reader. I dont have acrobat installed.

Scanning my system with malwarebytes now, but nothing is finding anything wrong and I havent seen any suspicious activity.

Here is the analysis itself.

https://www.virustotal.com/gui/file/f3140c932ab57256a8438eba31d18e4baee1413e7ec23d93b1c1f5194b6dea95/behavior

I'm starting to panic, please help if you have any advice

Thank you all, you are wonderful people

you are viewing a single comment's thread
view the rest of the comments
[–] themoonisacheese@sh.itjust.works 17 points 1 week ago (1 children)

That virultotal report looks completely fine to me, including the behavior tab.

Regardless, imagine what would happen if the firefox pdf reader was vulnerable to a well-known attack (of course there probably exist 0 days but they wouldn't be burned on you). Any attacker could simply link you a PDF and you'd be infected simply for clicking the link? If this was true, people would stop using firefox because it would be insecure.

[–] lukewarm_ozone@lemmy.today 1 points 3 days ago* (last edited 3 days ago) (1 children)

Huh? What do you mean "if"? Such a PDF vulnerability literally did happen a few months ago; fixed in Firefox v.126: https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/.

[–] themoonisacheese@sh.itjust.works 1 points 3 days ago (1 children)

JS execution in a browser is hardly a problem.

[–] lukewarm_ozone@lemmy.today 1 points 3 days ago

Sure, in Firefox itself it wasn't a severe vulnerability. It's way worse on standalone PDF readers, though:

In applications that embed PDF.js, the impact is potentially even worse. If no mitigations are in place (see below), this essentially gives an attacker an XSS primitive on the domain which includes the PDF viewer. Depending on the application this can lead to data leaks, malicious actions being performed in the name of a victim, or even a full account take-over. On Electron apps that do not properly sandbox JavaScript code, this vulnerability even leads to native code execution (!). We found this to be the case for at least one popular Electron app.