I recently purchased an e-book titled "Offline Awakening by Sophia Daven," but after buying it, I noticed the seller's name on PayPal was different from the author's name. A quick Google search revealed that all online mentions of this book seem to be either bot-generated comments on YouTube or eerily similar posts on Medium. Additionally, the seller's TikTok account appears to have only AI-generated content from just a few days ago. I ran the PDF through VirusTotal, which didn't identify it as malware, but I came across some concerning outputs related to files and registry activity. Most of the suspicious activity revolves around files and registry entries linked to Adobe Acrobat. While I found a post from an Adobe employee claiming the `SOPHIA` files are legitimate, I'm still feeling unsure. I've only opened the PDF on my Mac and iPad, so the Windows-specific analysis doesn't apply to me. What do you all think? Is it safe to assume this file isn't malicious?
3 Answers
The behavior you're seeing isn’t unusual for Adobe Acrobat when opening any file. This is why it’s essential to know how to read VirusTotal—otherwise, you might end up worrying over nothing. The flagged behaviors are standard for that software.
VirusTotal shows zero detections out of 64 antivirus scans, which is a solid indication that the file isn't malware. Just focus on that. Don't worry too much about the other VirusTotal tabs unless you're an expert in interpreting those results.
iPadOS and macOS have strict sandboxing rules, making them less vulnerable to typical malware. So, it's unlikely a malware author would sell an e-book like this since they probably wouldn't get many buyers. The book title seems generic, which doesn’t scream 'targeted attack'.
True, but lack of detection doesn't guarantee the file is non-malicious. It could be a zero-day exploit yet to be flagged. However, it seems likely it's fine given that Adobe Acrobat produces a lot of flagged activity.