Some years ago, developers of exploit kits began to use
malformed PDF files as attack vectors for malicious
drive-by downloads, usually by exploiting vulnerabilities
present in viewer applications. Detections were duly added to
AV products and as a result, the generated PDF files became
increasingly obfuscated as malware attempted to circumvent
the scanners.

Typically, advantage was taken of the wide range of filters
that are provided by the PDF specification for streams
in a document. Besides the various text encodings and
common data compressors such as Deflate and LZW, even
image compressors such as CCITTFaxDecode [1] and
JBIG2Decode [2] were seen storing payloads in the wild – all
due to the fact that a binary stream can usually be interpreted
as raw image data
More here: https://www.virusbtn.com/pdf/magazine/2015/vb201503-lossy.pdf
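
As an added example (not code from the Virus Bulletin article), this Python triage script lists the /Filter chain of every stream object and flags image codecs applied to streams that are not declared as image XObjects. The flagging rule, the function names, the handling of `#xx` name escapes (which goes beyond what the excerpt covers) and the sample bytes are assumptions made for this illustration.

```python
import re

# Image codecs defined for PDF streams; the page names the first two.
IMAGE_FILTERS = {"CCITTFaxDecode", "JBIG2Decode", "DCTDecode", "JPXDecode"}

# "N G obj <dictionary> stream": the header may not run past "endobj".
STREAM_OBJ = re.compile(rb"(\d+)\s+\d+\s+obj\b((?:(?!endobj).)*?)stream\r?\n", re.S)
FILTER = re.compile(rb"/Filter\s*(\[[^\]]*\]|/[^\s/<>\[\]()]+)")
NAME = re.compile(rb"/([^\s/<>\[\]()]+)")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def unescape(header: bytes) -> bytes:
    """Undo #xx name escapes, so /JBIG2#44ecode reads /JBIG2Decode."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), header)


def audit_streams(pdf: bytes):
    """Return one finding per stream object: number, filter chain, verdict."""
    findings = []
    for m in STREAM_OBJ.finditer(pdf):
        header = unescape(m.group(2))
        entry = FILTER.search(header)
        chain = [n.decode("latin-1") for n in NAME.findall(entry.group(1))] if entry else []
        is_image = re.search(rb"/Subtype\s*/Image\b", header) is not None
        # Assumed triage rule: an image codec on a stream that is not
        # declared as an image XObject deserves a manual look.
        suspicious = bool(IMAGE_FILTERS.intersection(chain)) and not is_image
        findings.append({"obj": int(m.group(1)), "filters": chain, "suspicious": suspicious})
    return findings


# Constructed sample: three stream objects with placeholder bodies.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Type /XObject /Subtype /Image /Width 8 /Height 8"
    b" /Filter /CCITTFaxDecode /Length 4 >>\nstream\nAAAA\nendstream\nendobj\n"
    b"4 0 obj\n<< /Length 4 /Filter [ /FlateDecode /JBIG2#44ecode ] >>\n"
    b"stream\nBBBB\nendstream\nendobj\n"
    b"5 0 obj\n<< /Length 4 /Filter /FlateDecode >>\nstream\nCCCC\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for finding in audit_streams(SAMPLE):
        print(finding)
```

The regex scan only sees stream objects stored in the clear; objects packed inside object streams need a real PDF parser, and legitimate streams such as thumbnails can trip the rule.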