Dhaka: Microsoft, the leading company of the technology world, has issued an important warning for internet users. The company says that cyber criminals are now spreading malware by using PDF files as a weapon, putting personal and institutional data at risk. These attacks have increased rapidly, especially through PDF files containing fake documents related to income tax. This news is especially important for those who download files from the Internet for everyday work.

According to Microsoft, these attacks are so well planned that common users can easily fall prey to them. Cyber ​​criminals send attractive messages through email, in which PDF files are attached with short links or QR codes, luring to give income tax related information. As soon as a user scans these QR codes or clicks on the link, a malicious website opens. After this, dangerous malware like ‘Ramco’, ‘Latrodectus’, ‘AHK Bot’, ‘Gulodder’ and ‘Brutrail C4’ automatically enter the computer.

Dangerous game of malware

These malware start working silently as soon as they enter the system. A Microsoft spokesperson said, “These harmful programs collect sensitive data without the user’s knowledge. They can take screenshots, steal passwords and send banking information to cybercriminals.” As a result, users’ private information—such as login details of social media accounts or credit card information—goes directly into the hands of criminals.

The company also revealed that the use of this technique has been seen on a large scale in the United States in the last few months. However, this threat is now spreading globally. Experts believe that cybercriminals are choosing this method because PDF files are generally considered trustworthy and people open them without thinking.

The trick of cybercriminals

Palo Alto Networks, a well-known firm in the cyber security field, highlighted the seriousness of this threat. An analyst of the firm said, “In recent times, QR code based phishing attacks have increased rapidly in Europe and America. Hackers are resorting to redirection techniques instead of giving direct malware links, which makes it easier to dodge traditional security software.” With this trick, they also defeat antivirus programs, because many times these malware remain inactive in the beginning and become active later.

How to protect yourself?

Microsoft has advised users to be cautious. The company clarified, “Do not open PDF files coming from unknown sources, especially files with QR codes or links.” Apart from this, it is recommended to adopt strong verification systems to avoid phishing attacks. For example, if you receive an email claiming to give you information about income tax returns, then first check its authenticity. Contacting government websites or official sources directly is a better option. Cybersecurity expert Rabib Hussain suggested, “Always keep updated antivirus software on your computer and disable JavaScript in PDF readers. Many malware are activated through JavaScript.” He also added that suspicious emails should be deleted immediately, even if it comes from a familiar name—because hackers often hack the accounts of acquaintances.

Growing threat, awareness necessary

This is not the first time PDF files are being used for cyber attacks. But their new form with QR codes and short links has become a matter of concern. According to a recent report by Palo Alto Networks, PDF files were used in 76% of email-based malware attacks in 2023. This figure shows the seriousness of this threat.

This warning is a wake-up call for internet users. Downloading PDF files for everyday needs is common, but now it has become necessary to be cautious in this habit. Experts believe that along with technology, awareness is the strongest weapon to avoid this threat.
Final advice
The next time you go to download a PDF file, think twice. Is the source trustworthy? Do you really need it? If the answer is in any doubt, it is better to ignore it. Your caution is your greatest shield.