this post was submitted on 16 Jan 2025
25 points (82.1% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

55647 readers
586 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 2 years ago
MODERATORS
 

Specificially https://en.z-lib.gs/

I downloaded some pdfs from there and according to virustotal and some pdf online scanner i tried, they have something possibly malicious going on in them. I already deleted them but i opened them in firefox pdf reader. I dont have acrobat installed.

Scanning my system with malwarebytes now, but nothing is finding anything wrong and I havent seen any suspicious activity.

Here is the analysis itself.

https://www.virustotal.com/gui/file/f3140c932ab57256a8438eba31d18e4baee1413e7ec23d93b1c1f5194b6dea95/behavior

I'm starting to panic, please help if you have any advice


Thank you all, you are wonderful people

you are viewing a single comment's thread
view the rest of the comments
[–] lukewarm_ozone@lemmy.today 1 points 3 days ago* (last edited 3 days ago) (1 children)

Huh? What do you mean "if"? Such a PDF vulnerability literally did happen a few months ago; fixed in Firefox v.126: https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/.

[–] themoonisacheese@sh.itjust.works 1 points 3 days ago (1 children)

JS execution in a browser is hardly a problem.

[–] lukewarm_ozone@lemmy.today 1 points 3 days ago

Sure, in Firefox itself it wasn't a severe vulnerability. It's way worse on standalone PDF readers, though:

In applications that embed PDF.js, the impact is potentially even worse. If no mitigations are in place (see below), this essentially gives an attacker an XSS primitive on the domain which includes the PDF viewer. Depending on the application this can lead to data leaks, malicious actions being performed in the name of a victim, or even a full account take-over. On Electron apps that do not properly sandbox JavaScript code, this vulnerability even leads to native code execution (!). We found this to be the case for at least one popular Electron app.