Hackers are using a previously undiscovered vulnerability in Adobe’s commonly used Flash software to install blackmailing malware on victims’ machines.
The Adobe Flash zero day vulnerability was uncovered by researchers at security firm Trend Micro, who claimed to have found it while examining leaked documents from software company Hacking Team.
Zero day vulnerabilities are flaws that are found and targeted by hackers before they are discovered by security professionals.
The Hacking Team documents were leaked on Monday when a group of hackers posted online 400GB of data stolen from the Italian surveillance software vendor.
Hacking Team makes the surveillance tools used by numerous governments around the world. The firm’s customer list is believed to include countries that the United Nations, NATO, European Parliament, and the US have blacklisted.
Trend Micro threat analyst Peter Pi said the flaw was originally used by Hacking Team to install spyware – a form of software that collects information from machines it’s installed on without the user’s knowledge.
He added that the flaw is described by Hacking Team in the leaked documents as “the most beautiful Flash bug for the last four years,” indicating the firm has been exploiting it for quite some time.
Trend Micro threat analyst Brooks Li reported in a separate blog post that common criminals have since begun using the Angler and Nuclear exploit kits to target the Flash zero day.
Exploit kits are attack tools commonly traded on underground online black markets that let criminals, who may not have strong computer skills, mount cyber attacks.
Private security researcher Kafeine has also uncovered evidence the Neutrino exploit kit is being used to target the Adobe Flash flaw.
All the exploit kits are reportedly using the Flash flaw to spread the dangerous CryptoWall ransomware.
Ransomware is a form of malware that locks victims out of their machines and demands payment to return access. Dangerous forms of ransomware like CryptoWall also encrypt files stored on the victim machine’s hard drive.
Luckily, Adobe has released an emergency patch for the flaw, meaning Flash users who update their web browser to run the new version will be safe from the attack. Adobe recommends customers install the update as soon as possible.
The flaw is one of many critical, recently discovered Flash vulnerabilities.
In June researchers at FireEye uncovered a separate Flash vulnerability being used by the “Clandestine Wolf” group of hackers to attack businesses in the aerospace, defence, construction, technology, and telecoms industries.
Independent security researcher “MalwareDontNeedCoffee” found evidence the Clandestine Wolf Flash flaw was similarly being used by hackers to spread ransomware using the Magnitude exploit kit soon after it was publicly revealed.