How can PDF files have a virus that steals your credentials?

How can a document, whose only interactions should be navigating between sections and opening hyperlinks, have viruses that steal victims' credentials?

4 Answers

Anonymous

> How can a document, whose only interactions should be navigating between sections and opening hyperlinks, have viruses that steal victims' credentials?

Regular PDFs can’t. Like you said, there’s no way for something that contains only text, images and hyperlinks to transmit a virus, or rather no way that we *know* of.

The danger lies in three things: Hiding file extensions, Web-Based PDFs, and clicking links.

Hackers can use the “.pdf” to hide file extensions like “.exe” and “.html” at the end of a file, which can very well run a viral script on a computer. Example: A hacker can name a file “Script.pdf.exe”, which is an exe file. They know that if someone sees a file named this then they’d suspect something is up and wouldn’t open the file. So what they’ll do is *hide* the “.exe” extension so people only see “.pdf” unless they take a closer look at the file, and they’ll give the program the icon of a PDF. Hiding file extensions isn’t a bad thing in and of itself; Windows uses it so they don’t confuse consumers (you can disable it pretty easily), but people with more malicious intentions can use it to create a file that looks like one thing but does another.

The second danger lies in Web-Based PDFs. Not the ones you open in your browser, but the ones that have more sophisticated options like filling and signing digitally. Technically, these aren’t PDFs in this state but are converted to PDFs after they’re completed. The options they contain can be programmed to run hidden scripts on your browser.

The third (and probably most common) danger is clicking a link on a PDF that redirects you to a malicious website. It’s well known that you shouldn’t click links from sources you don’t trust, and a lot of apps stress this, but if there’s a link inside a PDF it can bring you to a website that can cause your computer to go haywire. In this case, it isn’t the PDF *itself* that contains the virus, it just served as a messenger for the origin of the real virus. If you didn’t open the link inside it you would be fine.

That being said, viruses like these are exceptionally rare. With improvements in cybersecurity and awareness of fishy links and scams, it is becoming more and more difficult to create and spread these kinds of dangers. Stay safe!
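As an added illustration of the first danger described in the answer above (this code is not part of the original answer): a small Python triage check that flags a double extension such as “Script.pdf.exe” and compares a file's leading bytes with what a PDF should start with. The function name, the extension list and the sample inputs are constructed for this example.

```python
import ntpath  # applies Windows path rules regardless of the host OS

# Constructed, non-exhaustive list of extensions that Windows runs or hands to a
# browser/script host rather than a PDF viewer.
RISKY_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".html", ".htm"}


def triage(filename: str, head: bytes) -> list[str]:
    """Return findings for a file that is presented to the user as a PDF.

    filename: the name as received (mail attachment, download, archive entry)
    head:     the first bytes of the file content
    """
    findings = []
    name = ntpath.basename(filename).lower()
    stem, ext = ntpath.splitext(name)       # "script.pdf.exe" -> ("script.pdf", ".exe")
    inner_ext = ntpath.splitext(stem)[1]    # ".pdf" when the real extension is hidden

    # With "hide extensions for known file types" on, only the stem is displayed.
    if ext in RISKY_EXTS and inner_ext == ".pdf":
        findings.append("double-extension")

    # Windows executables begin with the two bytes "MZ", whatever the name says.
    if head.startswith(b"MZ"):
        findings.append("pe-header")
    # A PDF carries the marker "%PDF-" at (or very near) the start of the file.
    elif ext == ".pdf" and b"%PDF-" not in head[:1024]:
        findings.append("not-a-pdf")
    return findings


# Constructed sample inputs: (file name, first bytes of the content).
SAMPLES = [
    ("Report.pdf", b"%PDF-1.7\n"),
    ("Script.pdf.exe", b"MZ\x90\x00"),
    ("invoice.pdf", b"MZ\x90\x00"),
    ("form.pdf", b"<html><script>"),
    ("notes.v2.pdf", b"%PDF-1.4\n"),
]

if __name__ == "__main__":
    for fname, data in SAMPLES:
        print(f"{fname:16} {triage(fname, data) or 'ok'}")
```
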
