Last week, a zero-day vulnerability in Adobe Flash Player was patched. Users of the multimedia player can now run the software safely, without the risk of having their devices compromised by a new Adobe Flash exploit, provided the patch has been installed.
Adobe Flash exploit being used to drop ransomware on unpatched devices
Any computer with Flash set to run automatically is at risk if the latest version of the software – Version 126.96.36.199 – has not been installed. Since the latest version of the software was released on June 23, the Adobe Flash exploit has been found in the wild. Hackers are using the Magnitude exploit kit to drop Cryptowall ransomware on unpatched computers. It took only four days from the release of the Adobe patch for an exploit to be packed into Magnitude.
The latest version of Flash Player has been released to deal with the vulnerability known as CVE-2015-3133. This vulnerability allows hackers to take advantage of a bug in the software to execute code remotely. The Adobe Flash exploit is being used to automatically drop ransomware on unpatched devices.
The vulnerability is also being exploited by at least one hacking group. APT3, a hacking group based in China, has already devised a phishing email campaign to take advantage of the Flash vulnerability. The vulnerability has been known since the start of June, and hackers were quick to exploit it. It took Adobe three weeks to develop the patch, during which time all users of the software – which is most people using Windows operating systems – were at risk of attack.
Once a computer is infected, APT3 moves laterally to compromise multiple hosts. Furthermore, backdoors are being installed so that even when the malware is identified and removed, access to networks is still possible.
APT3 is well known for exploiting zero-day vulnerabilities and is using the current phishing campaign to target companies in specific industry sectors. Their current targets are in the aerospace, construction, defense, engineering, and telecommunications industries.
There is a serious risk of malware infection from phishing emails, malicious website adverts, and malicious links on social media websites. Those links send traffic to websites containing the Magnitude exploit kit. If anyone visits a website hosting the exploit kit, ransomware and other malware can be installed automatically if the latest version of Adobe Flash Player has not been installed.
Attackers are targeting users of Windows 7 (and below) via Internet Explorer and users of Firefox on computers running on Windows XP.
Fortunately, installing the latest version of the software will prevent the Adobe Flash exploit from being used to drop Cryptowall malware. The current version of the malware, Cryptowall 3.0, requires infected users to pay a ransom of $300 to decrypt their files. System administrators have spent the past week ensuring all devices are updated with the latest version of the software.