Hackers are infecting computers with malware using bogus emails claiming to be Adobe security alerts. The emails exploit a recently uncovered vulnerability in the Flash software often used by web browsers to view video, and feature an “important Flash update” subject line.
The campaign was uncovered by Volexity founder Steven Adair and reportedly uses one of the vulnerabilities revealed in the June 6 Hacking Team leaks.
The Hacking Team leak occurred over the weekend, when hackers stole and posted online over 400GB of the surveillance software company’s data. The data included the source code for Hacking Team’s spy tools and the details of the vulnerabilities they exploit.
The attacks use a “spear phishing” strategy to infect their victims. “Spear phishing” is a type of cyber attack in which hackers attempt to dupe victims into installing malware by sending malware-ridden emails that are made to look like legitimate messages from respectable sources.
“The attackers launched spoofed email messages purporting to be from Adobe. The email messages reference an Adobe Flash update and encourage the recipients to click a link to download and install the update,” Adair explained in a threat advisory.
If clicked, the link in the email installs data-stealing malware on the victim’s machine by exploiting the Flash flaw.
The Flash flaw mentioned in Volexity’s advisory is one of the most dangerous vulnerabilities to come out of the Hacking Team leaks and was targeted by common cyber criminals mere moments after being published online.
The new attacks are believed to stem from a well-known Advanced Persistent Threat (APT) group known as Wekby. APT is a term used in the security community to refer to particularly advanced and dangerous hacker cartels.
The Wekby group became famous in 2014 when it was linked to high profile targeted attacks against health care organisations such as Community Health Systems. The attacks are believed to have compromised 4.5 million patients’ Social Security numbers and personal data.
The new campaign is less sophisticated than Wekby’s past efforts and reportedly uses the same fake [email protected] email address in all its attacks, meaning the messages are fairly easy to spot. Adobe has also released a patch for the Flash flaw being targeted, meaning users running up-to-date software should be safe.
The Hacking Team zero day is one of many Flash flaws uncovered in recent weeks.
In June researchers at FireEye uncovered a separate Flash vulnerability being used by the “Clandestine Wolf” group of hackers to attack businesses in the aerospace, defence, construction, technology, and telecoms industries.
Flash’s hacker woes are believed to stem from the fact that Adobe didn’t design it with security in mind. The firm exacerbated these problems and created more undocumented holes in Flash’s defences by stretching it to run on as many operating systems, devices and browsers as possible.