Can a PDF have a virus? Here’s what you should know

Opening a PDF could put your business at risk. 

PDFs are one of the most reliable ways attackers deliver malware that can affect your company. 

A single infected file can quietly install spyware, steal credentials, and give attackers the entry point they need to move across your network. That exposes client data that can leave your business with reputational and financial consequences that can take months or years to undo.

What feels like a routine action, such as reviewing an applicant’s CV or processing an invoice(новое окно), can trigger a business-wide security incident.

But how can you get a virus from a PDF? And what can your business do to protect itself from this risk? 

Why do PDF viruses spread fast? 

PDFs are part of how businesses operate: The finance team reviews invoices and audit reports. Marketing downloads industry research. Legal receives contracts and compliance documents. 

Modern work depends on PDFs. So, when work is fast and deadlines are tight, a malicious PDF can easily slip through. 

When they slip through, they move through a business quickly because files are shared internally, forwarded as attachments, or stored in shared drives and can touch multiple workstreams. 

What do PDF viruses look like? 

For individuals, the general advice is not to open files — PDF or otherwise — from unknown senders. 

But for businesses, emails and documents from unfamiliar senders arrive regularly, so you need to know what viruses look like. You might see them as:

Phishing links 

You receive a PDF with an invoice, a legal notice, or a shipping confirmation. Inside, you find a link to a fake login page or a malware download. 

What to look out for: To make the attacks convincing, cybercriminals usually send files with common names, such as “Receipt_ID3329.pdf,” so they blend easily into a business workflow. 

Embedded JavaScripts

PDFs can run JavaScript for interactive elements. But malicious scripts can also run when a file is opened, exploiting vulnerabilities of your PDF reader — especially when you are using an outdated reader. 

What to look out for: If a PDF triggers unexpected pop-ups or asks you to enable features, close it immediately. This can lead to credential harvesting, ransomware, data theft, and more. 

Malicious attachments

Images or fonts inside a PDF can carry hidden executables. If you click on one, or the document is configured to launch it automatically, malware installs on the device. 

What to look out for: Unusually large file sizes for simple documents. If your reader prompts you to open or run an attachment, don’t. This can further exploit the entire data on the computer, which is often confidential or sensitive. 

What to do if you open a PDF with a virus

If you’ve received a PDF with a virus, act decisively to contain the damage. 

If customer or regulated data could be involved, your organization may need to follow formal incident response or disclosure procedures.

How to protect your business from PDF Viruses

Malicious PDFs usually reach employees through email or file-sharing workflows. Reducing exposure means focusing on a few practical controls. 

Filter risky attachments before they reach users

Secure business email services can detect spam campaigns, block known malware signatures before they reach you, and flag suspicious senders. This reduces the likelihood that employees ever interact with dangerous files.

Limit how files are shared internally

To reduce the chance of forwarding, look for services that scan for malware before downloading, and offer password-protected access.

Protect accounts even if a file is opened

Some PDF attacks aim to steal credentials through embedded phishing links or hidden scripts. Enforcing strong authentication and using a business password manager reduces the impact if employees are tricked into entering login details.

Protect your business from PDF viruses

At Proton, we build our encrypted business email, secure file sharing, and credential protection tools to address exactly these risks while keeping your data private by default. These tools provide security at every stage of your document workflow, protecting your business and your clients.

Cyberattacks can come in many forms, and human error is a leading cause of data breaches. Employee awareness training and secure tooling are critical to protecting your business data. You can learn more about building a secure organization with our free security guide.