Published: Wed, October 18, 2017
Hi-Tech | By Ellis Neal

Adobe urges users to patch Flash after malware attack; shares

Adobe has patched a zero-day vulnerability used by the BlackOasis APT to plant surveillance software developed by Gamma International.

Researchers have warned computer users to patch a security flaw in Adobe's widely distributed Flash after hackers were discovered using the hole to carry out attacks on Windows systems. The group behind the attacks has also shown an interest in global activists and think tanks.

The malware is able to monitor communication software such as Skype, eavesdrop on video chats, log calls, view and copy user files, and more.

Researchers for the company also confirmed that the group behind the recent attacks, known as BlackOasis, had a hand in another zero-day flaw reported in September.

"In the past, use of the malware was mostly domestic, with law enforcement agencies deploying it for surveillance on local targets", Kaspersky says.

The vulnerability is being exploited by a group called BlackOasis, which is using Microsoft Office "lure documents" to attack people all over the world, including in the UK.

The exploit is delivered through a Microsoft Word document and deploys the FinSpy commercial malware. "Companies developing surveillance software such as FinSpy make this arms race possible". The attack connects the victim's computer to command-and-control servers in Switzerland, Bulgaria, and the Netherlands and then installs FinSpy. The current targets, which have been detected in Russia, Iran, Saudi Arabia, Libya, and Afghanistan among others, include individuals involved in regional politics, including activists, reporters, and politicians themselves.

Kaspersky said it had first become aware of BlackOasis and its activities in May 2016 in the process of investigating another zero-day exploit in Flash.

"Flash's days are very numbered but it's having an agonising, protracted exit", said security firm Sophos in a blog post.

Anton Ivanov discovered the zero-day, the third of its kind this year that leads to installation of FinSpy. "We believe the number of attacks relying on FinSpy software, supported by zero-day exploits such as the one described here, will continue to grow".

Adobe released a patch for the issue on the same day that it was publicly disclosed by Kaspersky Lab, which discovered the hole last week.
