Adobe Flash Vulnerability Allows Hackers To Plant Malware

18 October 2017

A new zero day, dubbed BlackOasis, has popped up according to researchers from Kaspersky Labs.

Kaspersky said it discovered the bug, which has been given the common designation CVE-2017-11292, being used by a hacking group called BlackOasis to attempt to install the FinSpy spying software, also known as FinFisher.

The exploit is delivered to victims through a Microsoft Word document laced with a malicious installer that compromises the user's machine and plants the FinSpy malware.

The group has been known to exploit vulnerabilities in Flash to upload the FinSpy malware, which is a commercially available tool commonly used for surveillance activities.

This piece of malware is known as FinSpy or FinFisher and is actually a commercial product that is sold to countries and law enforcement agencies to conduct surveillance. In this particular instance, a group called BlackOasis managed to plant that malware inside of Flash and has used it to target Middle Eastern politicians, United Nations officials, opposition bloggers, activists, and journalists. "BlackOasis is a significant exception to this - using it against a wide range of targets across the world". "Companies developing surveillance software such as FinSpy make this arms race possible".

Once the FinSpy malware is installed through means like this week's Flash vulnerability, the affected systems connect to command and control servers in Switzerland, the Netherlands and Bulgaria, where data can then be extracted.

"The attack using the recently discovered zero-day exploit is the third time this year we have seen FinSpy distribution through exploits to zero-day vulnerabilities", said Ivanov. They also appear to have an interest in verticals of particular relevance to the region. "There is also an interest in global activists and think-tanks", the company said.

"We believe the number of attacks relying on FinFisher software, supported by zero day exploits such as the ones described here will continue to grow", Kaspersky said in its advisory. "Previously, actors deploying this malware abused critical issues in Microsoft Word and Adobe products".

Victims of the APT have been spotted in countries including Russia, Iraq, Afghanistan, Nigeria, Libya, and Angola, but the group's interests are hard to pin down beyond politics - spanning across everything from oil to money laundering and think tanks.