Warning icon
MacPaw stands with Ukraine. Here’s how you can help our country win with just several clicks.

How to check if a PDF is safe

7 min read

The last thing you need in your day is getting malware on your devices. And since the most cost-effective way for bad actors to spread malware is through things that are used by the largest number of people, it makes sense to ask — can you get a virus from a PDF?

Unfortunately, the answer is yes. The good news is though, most PDFs don’t carry malware. So in this post we’ll learn how to spot the bad apples and get rid of them!

How can a PDF file contain a virus?

First, here are the main pathways for a PDF to bring malware to your device.

Some of the most common uses of that code are editable parts of the PDF. Also vulnerable are PDF functionality to display current date, time, and make calculations. All of these are dynamic elements that require your PDF file to execute code on your device. This is how a virus gets installed.

PDFs can also have Javascript, which is one of the more convenient ways to get malware on a machine. Add to that PDF’s ability to execute system commands, functionality to add hidden objects into the file, and embedding multimedia, and you get a whole host of potential containers, in which to deliver malware to your Mac.

While many of the system commands in PDFs have been disabled by Adobe, this is only true for latest versions of the program, plus this will not protect you in third-party PDF readers.

Most exploits that PDF viruses use are in PDF readers, but in case of embedded multimedia the vulnerabilities used to make an attack are those of a media player.

Another point of attack can be PDF plugins as they are also capable of running malicious code.

How to check PDF for viruses?

How do you tell if a PDF has a virus? First off, a sketchy source is the first thing that should tip you off.

Avoid downloading suspicious files from unknown websites — compromised PDFs are often masked as free ebooks and brochures. Similarly, be wary of email attachments you weren’t expecting, even if you know the sender (as their email could’ve been hacked).

Luckily, some email service providers, e.g. Gmail, scan attachments for malware.

Do note that sometimes file size is too large or the system glitches and an attachment can’t be scanned. You will see the respective message with your attachment, so don’t just download any attachments without looking.

If you’ve already downloaded a PDF that you are worried might be infected, use CleanMyMac X to do a system-wide scan.

Open the app on your Mac, go to Malware Removal, and click Scan.

Malware Removal

Scan your Mac regularly to make sure your system is virus-free as even the most reliable websites, like those of your local government bodies or famous brands, are vulnerable to attacks. So once in a blue moon, PDF malware might even come from one of the places you would never even think, ‘Are PDF files safe coming from here?’

CleanMyMac X anti-malware module checks your system for ransomware, adware, and the rest of “wares” specific to macOS. It takes just a few moments to run and gives you the peace of mind that your system is safe. And since new malware gets released every day, the app’s malware database is regularly updated.

How can an infected PDF affect your Mac?

Viruses in PDF can be of several types.

PDF trojans

PDF trojans steal information from your machine and send it to the attacker. This way, unwanted third parties can access your personal or banking information, your company’s data, your photos, documents, etc.

PDF malware

PDF malware is focused on destroying information on your device or changing it. This can mean injecting ads into your browser or encrypting information on your device to demand ransom (that’s ransomware).

Droppers

Due to the limitations to the payload a PDF can bring onto your device, a lot of PDF viruses are actually just droppers, i.e. a way to get the target user to download the main malicious file. This can be done in a variety of ways, from executing code to get your browser to open the right page, to something as innocuous as simply linking to a malicious website in an otherwise normal ebook or scientific paper.

A lot of the safety from possible malware attacks comes from being careful. You can prevent a lot just by being educated about online safety and what to look out for. Avoiding suspicious websites and not downloading any attachments unless you are expecting them and know the source as trustworthy can take you further than most people in online safety.

The next step is turning off any settings on your Mac that can open potential doors for the attack.

Is your AirDrop secure? Is your Remote Login off? Are your apps up to date? Did you turn on secure keyboard entry in Terminal so that apps cannot record your keystrokes in Terminal? If you don’t want to manually check endless security settings on your Mac, there’s an app for that.

Pareto Security checks your system against a comprehensive list of security settings and shows you if anything needs attention. This is particularly handy if you tend to turn these settings on and off frequently and keep forgetting whether your AirDrop or AirPlay are on or off at any given time.

Pareto security

Another way to strengthen your security level is never, ever storing your passwords or credit card information out in the open. Use specialized security apps like Secrets to store them for you securely.

security apps to store passwords

Secrets can take care of your sensitive information and even generate super strong passwords for your daily use. And the best news — you don’t even have to memorize them!

How to download free PDF files from the internet safely?

The very first question you should ask yourself when considering downloading something to your Mac is — is this PDF really safe?

Consider these points:

  • Where are you downloading the file from? Is it a website or an email attachment?
  • For mailed files, note if it has a message from your email service provider that it’s been scanned for malware and who the sender is. Were you expecting this file from them?
  • For website downloads, check the exact address — is it HTTPS, is it a respectable domain?

If you trust the source, your next step is checking that the file is actually in PDF format and not just a ruse to get you to download an executable malware file. In most cases, a PDF virus will need you to actually open the file in a reader in order to start executing its malicious code.

If you are looking for free PDF textbooks online or other ebooks, use reputable libraries or your university library to get the files. Project Gutenberg is a famous online project with more than 60,000 free ebooks. Buy and download books from reputable sellers like Google Books or Amazon.

Add another layer of security to downloading PDFs with a VPN. VPNs hide your IP and encrypt your traffic. That makes it more difficult for attackers to get access to your system. And if you are using public WiFi (like the one in your local library), a VPN is a must since it helps protect you from hackers who have access to the same network as you.

ClearVPN is one of the easiest VPNs to use. It offers shortcuts for various tasks you might want it to perform — from blocking ads to changing your location. Explore shortcuts and access geo blocked content, browse more privately and securely, improve your gaming experience, and more.

browse more privately and securely

Tips to protect Mac from PDF virus

Can a PDF have a virus? Yes. Can you protect your Mac from threats in PDFs? Yes.

PDF is a complex file format that offers users a lot of tools, but that also brings threats. Embedding media in your PDFs or making forms fillable and signable opens up pathways for malicious attacks on your devices and information.

Your first line of defense is knowing potential threats. For example, a lot of the PDF exploits require users to open the file in a specific reader or use an add-on extension in order for a malicious script to work.

Your next step is only downloading those PDFs to your Mac which you are sure come from reliable sources, turning off automatic download of email attachments in your mail client, and scanning your system regularly to make sure your Mac is malware free.

Basic steps like keeping your software up to date, your passwords and other sensitive information protected, and your internet connection secure and private will help further strengthen your defense.

And last but not least, you can find the tools we’ve talked about today — Mac cleaner and malware scanner CleanMyMac X, Mac security settings checker Pareto Security, password and data storage app Secrets, and easy VPN tool ClearVPN — on Setapp.

Setapp is a monthly subscription service with dozens of apps for your Mac and iPhone. No need to pay for each app, starting at just $9.99 a month you can get 230+! Try free now with Setapp’s 7-day free trial.

Get 230+ Mac apps for any job

Sign up to Setapp and try them for free.