Beware of Signing In The Shadows

Hodgson Consulting & Solutions

According to new research published by academics from the Ruhr-University Bochum in Germany, “15 out of 28 desktop PDF viewer applications are vulnerable to a new attack that lets malicious threat actors modify the content of digitally signed PDF documents. The list of vulnerable applications includes Adobe Acrobat Pro, Adobe Acrobat Reader, Perfect PDF, Foxit Reader, PDFelement, and others.” (, 2020)

“Academics have named this technique of forging documents a Shadow Attack. The main idea behind a Shadow Attack is the concept of “view layers” — different sets of content that are overlaid on top of each other inside a PDF document. A Shadow Attack is when a threat actor prepares a document with different layers and sends it to a victim. The victim digitally signs the document with a benign layer on top, but when the attacker receives it, they change the visible layer to another one.” And “because the layer was included in the original document that the victim signed, changing the layer’s visibility doesn’t break the cryptographic signature and allows the attacker to use the legally-binding document.” (, 2020)


As noted above, any hacker or cybercriminal who successfully obtains your signature, or that of a representative of your company, on such a document will then have a legally binding document to use as they please. You must be aware. Your employees must be aware. And your clientele must also be alert and aware.

“According to the research team three variants of a Shadow Attack exist:

  • Hide – when attackers use the PDF standard’s Incremental Update feature to hide a layer, without replacing it with anything else.
  • Replace – when attackers use the PDF standard’s Interactive Forms feature to replace the original content with a modified value.
  • Hide-and-Replace – when attackers use a second PDF document contained in the original document to replace it altogether.” (, 2020)
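
As a triage check for the variants listed above, the following added example (not code from the researchers or from Hodgson Consulting & Solutions) reads a signed PDF's `/ByteRange` and reports any bytes appended after the signed region, which is where an incremental update made after signing ends up. The sample document and the `APPENDED_UPDATE` bytes are constructed for illustration, and the function names are hypothetical.

```python
import re

# /ByteRange [start1 len1 start2 len2]: the two byte spans a PDF signature covers.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def audit_signed_pdf(pdf: bytes) -> dict:
    """Report how much of the file lies after the last signed byte."""
    ranges = [tuple(int(g) for g in m.groups()) for m in BYTE_RANGE.finditer(pdf)]
    if not ranges:
        return {"signed": False, "signed_end": 0, "unsigned_tail": 0,
                "revisions_after_signature": 0, "suspicious": False}
    # With several signatures, the newest one should cover the whole file.
    signed_end = max(start2 + len2 for _, _, start2, len2 in ranges)
    tail = pdf[signed_end:]
    unsigned = len(tail.strip())  # trailing whitespace alone is harmless
    return {"signed": True, "signed_end": signed_end, "unsigned_tail": unsigned,
            # Each incremental update ends with its own %%EOF marker.
            "revisions_after_signature": tail.count(b"%%EOF"),
            "suspicious": unsigned > 0}

def build_signed_sample() -> bytes:
    """Constructed PDF-like bytes with a consistent /ByteRange (dummy signature)."""
    pre = b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange ["
    post = b"] /Contents "
    sig = b"<" + b"00" * 16 + b">"          # placeholder, not a real signature
    rest = b" >>\nendobj\nstartxref\n0\n%%EOF\n"
    len1 = len(pre) + 34 + len(post)        # 34 = width of the range text below
    byte_range = b"0 %010d %010d %010d" % (len1, len1 + len(sig), len(rest))
    return pre + byte_range + post + sig + rest

# Constructed stand-in for an incremental update appended after signing.
APPENDED_UPDATE = b"9 0 obj\n<< >>\nendobj\nstartxref\n0\n%%EOF\n"

if __name__ == "__main__":
    original = build_signed_sample()
    for name, data in (("as signed", original), ("updated", original + APPENDED_UPDATE)):
        print(name, audit_signed_pdf(data))
```

This does not validate the signature itself; a flagged file is a prompt to review the document in an up-to-date viewer, since some post-signing updates are legitimate.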

Don’t let a lurking hacker and the activities that they do in the shadows snuff out your company’s light! Here at Hodgson Consulting & Solutions, we specialize in securing data and information loss prevention for companies with multiple locations and/or a remote workforce. We offer full solutions for your IT needs, not just Band-Aid fixes. Contact us to receive a FREE Confidential Dark Web Scan and also learn more about our Managed Security Service Plans. Contact our office today at 847-906-5005.

