Hello - I received a scam email this AM to my business' email address and moronically downloaded the .pdf attachment and opened it on my Pixel 7 running latest GOS. The .pdf itself looked like a horribly compressed invoice of some kind. I know .pdfs are used to spread malware. I realized it was a scam and instantly deleted the file.

I know I am stupid... I had just woken up and really wasn't thinking.

What should I do? Full wipe?

You're fine. Nothing to worry about.

    And always use the built-in GrapheneOS PDF Viewer for PDFs with uncertain security.

    Its description on GitHub:

    Simple Android PDF viewer based on pdf.js and content providers. The app doesn't require any permissions. The PDF stream is fed into the sandboxed WebView without giving it access to content or files. Content-Security-Policy is used to enforce that the JavaScript and styling properties within the WebView are entirely static content from the apk assets. It reuses the hardened Chromium rendering stack while only exposing a tiny subset of the attack surface compared to actual web content. The PDF rendering code itself is memory safe with dynamic code evaluation disabled, and even if an attacker did gain code execution by exploiting the underlying web rendering engine, they're within the Chromium renderer sandbox with no access to the network (unlike a browser), files, or other content.

      RRZishe What is a "virus" going to do? First off, any "virus" is going to target windoze. Second, any malicious intent would be scope restricted to the specific application loading it. Third, it's a PDF file, not an executable program, which means that for it to do anything it has to target specific known vulnerabilities in the application loading it.

        bookreader PDFs can contain JavaScript...

        @graphene_os_user It's generally inadvisable to open PDF files from untrusted sources, of course, and you seem to already know this.
        But keep in mind that the GrapheneOS default PDF Viewer is hardened, as described in the quote posted above by ev6x. Also keep in mind the significant hardening done to the OS by GrapheneOS. I honestly think it unlikely that the PDF was crafted to exploit an unknown vulnerability on a fully patched Pixel device. That would be a highly sophisticated attack. I'm more worried about the PDF being crafted to phish you, but it doesn't sound like it succeeded in doing that.

          fid02

          Do you know whether PDFs opened in browsers like Firefox or Chrome can access the internet?
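
The point raised in the thread that PDFs can contain JavaScript can be checked on a suspicious attachment without rendering it. The following is an added example, not code from any poster or from the GrapheneOS PDF Viewer: a static triage that counts script and auto-action keys in a PDF's bytes. The function names and the `SAMPLE` fragment are constructed for illustration.

```python
import re
import zlib

# PDF dictionary keys that run script, fire automatically, or reach outside the file.
RISKY = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
         b"/EmbeddedFile", b"/URI")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
NAME_RE = re.compile(rb"/[^\s/<>\[\]()%{}]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def _inflate(match):
    """Swap a Flate-compressed stream for its plaintext; keep others as-is."""
    try:
        # decompressobj tolerates the end-of-line bytes left before "endstream"
        return b"\n" + zlib.decompressobj().decompress(match.group(1)) + b"\n"
    except zlib.error:
        return match.group(0)


def triage(data: bytes) -> dict:
    """Count risky name keys in a PDF without rendering or executing anything."""
    corpus = STREAM_RE.sub(_inflate, data)
    counts = {key.decode(): 0 for key in RISKY}
    for raw in NAME_RE.findall(corpus):
        # Names may hide letters as #XX hex escapes, e.g. /J#61vaScript
        name = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
        if name in RISKY:
            counts[name.decode()] += 1
    return counts


# Constructed sample: an inert PDF fragment, not the attachment from the thread.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n"
    b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /Launch /F (placeholder) >>")
    + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for key, hits in triage(SAMPLE).items():
        if hits:
            print(f"{key}: {hits}")
```

Streams that are encrypted or use a filter other than Flate are not decoded here, so a zero count narrows the question rather than proving the file is clean.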