Newest Flaw in Adobe Flash Enables Malware Installation
Adobe Flash has long been intermittently vulnerable. It has now been found to contain a security flaw that lets 'hackers' compromise people's computers and plant malicious code on them. The flaw has already been exploited, and many users have been targeted, specifically to serve politically inclined motives.
"BlackOasis" is the name of the group exploiting the flaw, and security researchers are watching the group's activity. This newest attack, which the cyber security company Kaspersky Labs detected and reported, was aimed chiefly at people inside the Middle East and was clearly politically motivated.
The security company reports that attackers abused a previously unknown Flash vulnerability to install malicious code. The event happened on October 10 this year. Those targeted were politicians, activists, reporters and bloggers associated with politics in the Middle East.
Kaspersky Labs further reports that exploiting the flaw launches a commercial malware known as FinSpy, which is delivered via a Microsoft Word file. Since the installation, Kaspersky researchers have identified Adobe as the source of the vulnerability, and Adobe has also sent out its own warning. Techrepublic.com posted this on October 16, 2017.
Upon successful installation, the malicious code connects to servers in the Netherlands, Bulgaria and Switzerland. It then waits for instructions for data exfiltration. The latest victims are from Afghanistan, Iraq, Russia, Jordan, Libya, Nigeria, Iran, Saudi Arabia, Tunisia, Bahrain, the Netherlands, Angola and the UK.
FinSpy's usual buyers are law enforcement agencies and nation states, which use it to conduct surveillance. Previously, the malware was used mostly for nations' internal purposes, deployed by law enforcement agencies to spy on targets in their areas. This newest FinSpy version has features that make it difficult for security analysts to assess. According to Anton Ivanov, chief malware analyst at Kaspersky Labs, in the report, this use of FinSpy in zero-day attacks is the third such instance.
Kaspersky Labs urges enterprises to install the Adobe update without delay, or else to disable Adobe Flash, to avoid the attack.
» SPAMfighter News - 10/24/2017