is z-library safe? Am i infected after running pdf from there? (sopuli.xyz)

submitted 6 days ago* (last edited 5 days ago) by reksas@sopuli.xyz to c/piracy@lemmy.dbzer0.com

22 comments fedilink hide all child comments

I downloaded some pdfs from there and according to virustotal and some pdf online scanner i tried, they have something possibly malicious going on in them. I already deleted them but i opened them in firefox pdf reader. I dont have acrobat installed.

Scanning my system with malwarebytes now, but nothing is finding anything wrong and I havent seen any suspicious activity.

Here is the analysis itself.

https://www.virustotal.com/gui/file/f3140c932ab57256a8438eba31d18e4baee1413e7ec23d93b1c1f5194b6dea95/behavior

I'm starting to panic, please help if you have any advice

Thank you all, you are wonderful people

you are viewing a single comment's thread
view the rest of the comments

[-] lukewarm_ozone@lemmy.today 1 points 15 hours ago* (last edited 15 hours ago)

Huh? What do you mean "if"? Such a PDF vulnerability literally did happen a few months ago; fixed in Firefox v.126: https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/.

[-] themoonisacheese@sh.itjust.works 1 points 14 hours ago

JS execution in a browser is hardly a problem.

[-] lukewarm_ozone@lemmy.today 1 points 13 hours ago

Sure, in Firefox itself it wasn't a severe vulnerability. It's way worse on standalone PDF readers, though:

In applications that embed PDF.js, the impact is potentially even worse. If no mitigations are in place (see below), this essentially gives an attacker an XSS primitive on the domain which includes the PDF viewer. Depending on the application this can lead to data leaks, malicious actions being performed in the name of a victim, or even a full account take-over. On Electron apps that do not properly sandbox JavaScript code, this vulnerability even leads to native code execution (!). We found this to be the case for at least one popular Electron app.