The team behind the SolarMarker malware has been loading it into PDFs and using web search to trick people into downloading them (via ZDNet).
Microsoft says that SolarMarker/Jupyter is a backdoor that can steal login credentials and other data from browsers. The team uses a technique called “SEO poisoning” to push its pages as high as possible in the results of search engines like Google. “In this case, the attackers are using thousands of PDFs filled with keywords and links that redirect the unwary across multiple sites towards one that installs the malware.”
These search results lead people to a website that pretends to be Google Drive. Downloading one of these PDFs will install the malware onto your computer. According to Microsoft, the PDF will ask people to download a .doc or .pdf version of the search term they’re looking for. People will then be redirected through 5-7 websites on top-level domains like .site, .tk, and .ga. At the end, they will arrive at the fake Google Drive website.
In any case, make sure you have anti-malware installed on your Mac, and maybe don’t log into a website unless you navigated to it manually.
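The redirect pattern described above (5-7 hops across .site, .tk, and .ga domains) can be hunted for in web proxy logs. The following is an added example, not code from Microsoft or ZDNet; the log record layout, the hostnames, and the two thresholds are assumptions made for illustration.

```python
from urllib.parse import urlsplit

SUSPECT_TLDS = {"site", "tk", "ga"}  # TLDs named in the article
MIN_REDIRECTS = 5      # the article reports 5-7 redirects
MIN_SUSPECT_HOSTS = 3  # assumed threshold, tune for your environment

# Constructed sample records: (client, requested URL, Location header or None).
SAMPLE_LOG = [
    ("10.0.0.5", "http://r1.constructed.site/a", "http://r2.constructed.tk/b"),
    ("10.0.0.5", "http://r2.constructed.tk/b", "http://r3.constructed.ga/c"),
    ("10.0.0.5", "http://r3.constructed.ga/c", "http://r4.constructed.site/d"),
    ("10.0.0.5", "http://r4.constructed.site/d", "http://r5.constructed.tk/e"),
    ("10.0.0.5", "http://r5.constructed.tk/e", "http://landing.constructed.example/f"),
    ("10.0.0.5", "http://landing.constructed.example/f", None),
    ("10.0.0.8", "http://example.com/", "https://example.com/"),
    ("10.0.0.8", "https://example.com/", "https://www.example.com/"),
    ("10.0.0.8", "https://www.example.com/", None),
]

def tld(url):
    """Return the lower-cased last label of the URL's hostname."""
    return (urlsplit(url).hostname or "").rsplit(".", 1)[-1]

def redirect_chains(records):
    """Rebuild each client's redirect chains by following Location headers."""
    nxt = {(c, u): loc for c, u, loc in records if loc}
    targets = {(c, loc) for c, _, loc in records if loc}
    chains = []
    for client, url in nxt:
        if (client, url) in targets:
            continue  # mid-chain URL, not a starting point
        chain = [url]
        while (client, chain[-1]) in nxt and nxt[(client, chain[-1])] not in chain:
            chain.append(nxt[(client, chain[-1])])  # 'not in chain' stops loops
        chains.append((client, chain))
    return chains

def find_suspicious(records):
    """Flag long chains in which several hosts sit on the suspect TLDs."""
    hits = []
    for client, chain in redirect_chains(records):
        suspect_hosts = sum(tld(u) in SUSPECT_TLDS for u in chain)
        if len(chain) - 1 >= MIN_REDIRECTS and suspect_hosts >= MIN_SUSPECT_HOSTS:
            hits.append((client, chain))
    return hits

if __name__ == "__main__":
    for client, chain in find_suspicious(SAMPLE_LOG):
        print(client, "->", " -> ".join(chain))
```

A hit is a lead for triage rather than a verdict: check the final landing page and whether the client downloaded a file from it.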