Hiding Sensitive Information Using PDF Steganography

TL;DR

This paper introduces a novel PDF steganography method that embeds secret data into PDF files by modifying real-valued operands, expanding beyond previous limited operator use, and demonstrates its application by embedding malware.

Contribution

The paper presents a comprehensive PDF steganography algorithm utilizing all PDF stream operators, enhancing capacity and stealth compared to prior limited approaches.

Findings

Effective embedding of data into all PDF stream operators

High capacity steganography with minimal perceptible changes

Successful case study embedding malware into PDFs

Abstract

The use of steganography to transmit secret data is becoming increasingly common in security products and malware today. Despite being extremely popular, PDF files are not often the focus of steganography research, as most applications utilize digital image, audio, and video files as their cover data. However, the PDF file format is promising for usage in medium-capacity steganography applications. In this paper, we present a novel PDF steganography algorithm based upon least-significant bit insertion into the real-valued operands of PDF stream operators. Where prior research has only considered a small subset of these operators, we take an extensive look at all the possible operators defined in the Adobe PDF standard to evaluate their usability in our steganography algorithm. We also provide a case study which embeds malware into a given cover PDF document.