Threat actors use weaponized PDF files for initial infection. This is because they can be embedded with malicious code, PDF readers’ vulnerabilities are exploited, and users are tricked into activating the payload.

Source: GBHackers