Adobe InDesign as a hacker tool and what alternatives are there

  • Adobe InDesign’s shift from a trusted app to a hacker phishing tool.
  • Choosing InDesign alternatives for cost savings and reduced phishing risks.
  • There has been a dynamic shift in design software from QuarkXPress-InDesign rivalry to emerging alternatives.

Hackers using Adobe’s page layout application InDesign to create convincing phishing emails and embed links are symbolic of the levels of targeting and sophistication currently used by bad actors.

Users clicking on rogue links in convincing calls to action sent via email are being misled into downloading malware and entering personal credentials into sites controlled by attackers.

Beyond design: When a tool becomes a hacker plaything

The sites’ addresses use a subdomain redolent of the link Adobe utilizes for users to approve, collaborate on, or otherwise interact with documents created in InDesign. URLs like not only deploy the company’s name but also refer to the file suffix the application uses by default for InDesign documents (.indd).

Phishing attempts like these most recently covered here rely on a duped user’s acceptance of a commonly recognized brand. When organizations consider their annual outgoings for software licenses, there is an argument that some decent amount of protection from malware may be achieved by moving away from the InDesign application altogether: so-called security through obscurity.

The logic for a move on security grounds may be flawed, but the InDesign package is an expensive commodity to use, especially if used as a standalone product and not as part of the Adobe Creative Cloud collection. Because of the company’s subscription model of pricing, the use of the software costs significant amounts over any considerable time, and there are equally capable products out there that may offer the same functionality users demand that are cheaper and, in one case, free.

Hackers target US government servers using an Adobe product

Hackers target US government servers using an Adobe product. (Source – X)

QuarkXPress vs. InDesign

In the 1990s, before the go-to medium for publishing was physical, not digital, the QuarkXPress vs. Adobe InDesign was the subject of many headlines in the technology press. Quark had long dominated the page layout space with few competitors worth mentioning until Adobe began challenging it. The presence of PhotoShop and Illustrator as tools in many design shops made adding InDesign a logical choice for many. Where layouts, text, and imagery created in Adobe products had to be exported and re-imported into Quark, InDesign offered a more seamless flow between all the tools necessary to take an idea from creation to publication.

Although initially less powerful in terms of offered features and significantly more buggy than its older competitor, InDesign gained ground quickly in the hearts and minds of designers and publishers worldwide. Quark’s move to an annual subscription model and a fiercely unpleasant license verification system further turned many users against the platform, users warmly welcomed by Adobe.

Today, QuarkXPress continues to be a viable platform and costs almost the same, month per month, as Adobe InDesign.

Some Affinity for alternatives

British company Serif Europe offers three products that directly challenge the most popular elements of the Adobe Creative Suite: Affinity Designer, a vector graphic design package like Adobe Illustrator, Photo that correlates to PhotoShop, and Publisher, which is up against InDesign.

All three packages fulfill most users’ needs, although some re-skilling is likely necessary for power users who have ingrained Adobe keyboard shortcuts into their muscle memory.

Affinity Publisher was released in 2019, and while direct comparisons between InDesign show some differences in feature sets, it should be noted that Publisher offers different features from InDesign rather than being a direct competitor. Its main selling point (literally) is the price. Instead of a monthly or discounted annual subscription to the software, all Serif Europe’s packages are sold as a one-off payment, currently $US 200. That gives users a lifetime subscription, with at least some guaranteed upgrades in the future.


Scribus is an open-source application running on almost any computing platform, running any operating system. However, unlike its paid-for counterparts, there are no iOS or Android options. Aside from that, Scribus is powerful, stable, and responsive, offering many of the features of its competitors.

Open-source software is usually termed “free,” although that term is intended to describe the freedom with which users and developers can distribute and use the software: freely. Additionally, in this context, “free” also refers to the price tag for the user.

It’s worth noting that the phrase “free alternative” is usually equated with something of lesser value, somehow than something for which money has to change hands. It’s an irony that the internet’s infrastructure and almost all the servers that run the world happen to run on free software. Like Scribus, the “free” refers to the freedom to alter and distribute software, not its price tag (which is usually zero, regardless).

When you look at a website or send an iMessage, post to Facebook, or store a document on the cloud, business is taken care of by a “free alternative” to something one might have to pay for.

A hacker can make any tool theirs: Expand options, stay safe

It’s crucial, therefore, to consider all the alternatives to InDesign, regardless of the price tag. Other applications will work differently, and those differences may cause some scratching of heads from users accustomed to working one way or another. But like all software, an application – in this case, to help lay out design work – is merely a tool to achieve an end. The price tag attached to the tool (if that is your main criterion) is irrelevant. The security implications of your choice of page-layout software are another matter altogether. Arguably, users of InDesign are paying for a worsened security posture, although that is an oversimplification.