Businesses that use Adobe Flash should update the program in order to avoid zero day exploit that infects a victim’s machine with malware. The exploit, found by Kaspersky Lab, has already been used in a live attack and can perform remote code execution, the firm said in a Monday press release.
According to the release, the live attack happened on October 10, 2017 and was tied to an attacker known as BlackOasis. The exploit delivers FinSpy commercial malware through a Microsoft Word document, the release said. Kaspersky Lab has since identified Adobe, which issued its own alert.
Once the malware is successfully installed, it connects back to servers in Switzerland, Bulgaria and the Netherlands, the release said. It then awaits commands to exfiltrate data. At the time of this writing, victims had been identified in Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, the Netherlands, Bahrain, the United Kingdom, and Angola, the release said.
SEE: Information security incident reporting policy (Tech Pro Research)
Nation states and law enforcement use malware like FinSpy for surveillance typically. And while it has primarily been used in domestic situations in the past, the release said, BlackOasis has been using it all over the world.
“This appears to suggest that FinSpy is now fuelling global intelligence operations, with one country using it against another,” the post said. “Companies developing surveillance software such as FinSpy make this arms race possible.
The release also noted that this particular strain of FinSpy is the latest version, which has anti-analysis techniques that make it more difficult to analyze. Anton Ivanov, lead malware analyst at Kaspersky Lab, said in the release that this is the third time FinSpy has been used in zero-day attacks.
“Previously, actors deploying this malware abused critical issues in Microsoft Word and Adobe products,” Ivanov said in the release. “We believe the number of attacks relying on FinSpy software, supported by zero day exploits such as the one described here, will continue to grow.”
Kaspersky Lab encourages businesses to install the update from Adobe immediately, or disable Adobe Flash to avoid this attack.
The 3 big takeaways for TechRepublic readers
- Kaspersky Lab recently identified an Adobe Flash zero day exploit that has been used to install malware on victim computers and steal information.
- The attacker, BlackOasis, is using the FinSpy malware through Microsoft Word documents to attack victim machines, and marking the third time it’s been used in a zero-day attack.
- Companies should update their Adobe Flash or disable it completely to avoid leaving their data exposed.