Do I need to worry about infection from a .PDF from an untrusted sender previewed within GMail?

Çağlar Arlı      -    5 Views

Context: I received an email claiming an order has been shipped for a service that I am subscribed to but did not believe was due for renewal. I panicked and clicked to preview the attached invoice pdf (I previewed it using GMail's viewer, I did not download the file). I quickly realized this was a scam of some sort, but was left puzzled because there were no links to click or demands to call, or any other call to action.

Question: Is it likely that the PDF contained malicious script? If so, is it likely that I would have been infected if I never opened the file locally? I'm assuming GMail's preview sandboxes the file... Also, more generally, if there were to be an attack that exploits GMail's file preview, what kind of fallout would one expect (e.g., Session Hijacking, stored password theft, downloading of some kind of file)?

Research:

  • GMail had a note saying that the file was scanned by GMail and there were no alerts or anything like that.
  • I found a description of this kind of attack on [Which?][1] as a common attack vector currently, and they describe it as a vishing attack -- the goal is they get you to call "customer service" and try to get you to install something or reveal sensitive info
  • I copied a link to the attachment (right-clicking -> selecting "copy link address") and pasted it into VirusTotal. I got the following "low risk" detection:

    Palebot Trojan Harvests Palestinian Online Credentials - according to source ArcSight Threat Intelligence - 1 year ago
    Contextual Indicators: The URL is known benign by Check Point's Threat Cloud
    Contextual Indicators: The domain is popular among websites with good reputation
    Contextual Indicators: The domain is popular in the world
    Contextual Indicators: The domain’s Cisco Umbrella rank is 186
    Created On: 1997-09-15
    VirusTotal Link: https://www.virustotal.com/gui/domain/3f2728499a4b29460f3e3150df508e06b19edf0f58efd051fac777844d28e452/detection
    Classification Description: Legitimate website which does not serve any malicious purpose.

Personal thoughts: If it wasn't for the VirusTotal warning, I would have assumed all was good, but I can't make much sense of the alert message, so I don't know if I should worry about it or not...

Thanks in advance!

[1]: https://www.which.co.uk/news/article/5-email-scams-to-watch-out-for-right-now-aYPQx0B8TEc1