Malicious Adobe Flash flaw is used to infect victims with infamous spyware

by Julie Splinters - -

It was reported that the attack of infamous espionage malware was carried out through the Microsoft Office file.
The users of Adobe Systems should keep in mind that a pretty serious exposure was found on Adobe Flash Player.

malicious adobe flash

According to security researchers at Kaspersky Labs, this vulnerability was applied to infect users with notorious FinSpy malware. The vulnerability CVE number is CVE-2017-11292 and it can provoke remote code execution.

The FinSpy payload which is applied in these attacks uses exactly the same command and control (C&C) server like payload used with CVE-2017-8759 to spread out the FinSpy spyware. This exploit was detected by security researchers at FireEye in September 2017. In addition, the actor behind these malicious exploits is tracked as BlackOasis. [1]

“So far only one attack has been observed in our customer base, leading us to believe the number of attacks are minimal and highly targeted,” – reported security researchers.

The group behind the FinSpy spyware has designed a malicious campaign which aims to infect victim’s device with the malicious spyware. The malicious software is hidden in a Microsoft Office document which is the most likely to be sent via email.

Researchers at Kaspersky Lab, have only detected one attack which leverages the exposure and reports that the attack volume is relatively low –with only a few attempts. However, the users, including businesses and government institutions are encouraged to patch their systems.

In addition, Adobe also released a security update and offers its customers updates to download for Flash Player in order to patch the exposure. [2]

FinSpy is also known as FinFisher and it was sold to law enforcement groups and government institutions all around the world. According to the investigation from the University of Toronto, 2015 in the CitizenLab, a total of 32 countries was suspected of using the spyware. [3]

The cybercriminals BlackOasis targets mostly bloggers and activists that are involved in Middle Eastern politics.
In addition, BlackOasis also has tried to hack its targets via fraudulent Microsoft Word files that combined malicious code which infected victim’s computer with FinSpy.

As it was mentioned, the hacker group applied five previously uncovered exposures – zero days.
In order to protect your computer, be careful and double check every file attached to your email before opening it – hackers often attempt to fool their victims and install the malware onto the device through the launched link or the opened attachment.

About the author

Julie Splinters
Julie Splinters - VPN service analyst

Julie Splinters is a VPN service analyst at Reviewedbypro.com, who specializes in VPN services and anti-spyware applications. Her major of English Philology and her passion for IT helped her choose the path of an IT writer.

Contact Julie Splinters
About the company Esolutions

References



Ask
now online
news
Subscribe
Privacy
Security
Recovery
Utilities
Like us on Facebook