A new zero-day vulnerability (CVE-2018-15982) has been discovered in Adobe Flash Player and is being exploited by hackers as part of a targeted phishing campaign. The campaign appears to have targeted Russian state healthcare institutions.
The zero-day exploit was spotted last week inside malicious Microsoft Office documents which were submitted to VirusTotal from a Ukrainian IP address.
The malicious Microsoft Office documents contained an embedded Flash ActiveX object in their header that renders when the user opens the document, triggering the reported Flash Player vulnerability.
How does the exploit work?
According to the researchers, the final payload is neither in the Microsoft Office file nor in the Flash exploit inside it.
Instead, the final payload is inside an image file (scan042.jpg), which is itself an archive, packed along with the Microsoft Office file inside a parent WinRAR archive. The WinRAR archive is then distributed through phishing emails.
Upon opening the document, the Flash exploit executes a command on the system to unarchive the image file and run the final payload, i.e. backup.exe, which has been protected with VMProtect (a mechanism meant to block efforts at reverse engineering and analysis).
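Two of the tricks described above can be triaged on the defender's side before anything is opened: an Office (OOXML) container carrying a part that starts with a Flash (SWF) header, and an "image" attachment whose bytes are really an archive. The following is an added example, not code from the article or the researchers; the sample document and the sample file contents are constructed inline, and the check for SWF data at the start of a part is a simplification (a real ActiveX part is an OLE container, so a full scanner would parse that first).

```python
"""Defender-side triage for Office files with embedded Flash and for images that are really archives."""
import io
import struct
import zipfile

SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")          # uncompressed, zlib, LZMA SWF headers
MAX_SWF_VERSION = 50                           # version byte follows the magic; sanity bound
ARCHIVE_MAGICS = {                             # archive signatures an image should never start with
    b"Rar!\x1a\x07": "rar",
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
}
JPEG_MAGIC = b"\xff\xd8\xff"
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")


def looks_like_swf(data: bytes) -> bool:
    """True if the data begins with an SWF header: magic, plausible version byte, file length > header."""
    if len(data) < 8 or data[:3] not in SWF_MAGICS or data[3] > MAX_SWF_VERSION:
        return False
    declared_len = struct.unpack("<I", data[4:8])[0]
    return declared_len > 8


def find_embedded_flash(ooxml_bytes: bytes) -> list:
    """Return the names of parts inside an OOXML (zip) document that begin with an SWF header."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as zf:
        for name in zf.namelist():
            with zf.open(name) as part:
                if looks_like_swf(part.read(8)):
                    hits.append(name)
    return hits


def masquerading_archive(filename: str, data: bytes):
    """If a file with an image extension actually carries an archive header, return the archive type."""
    if not filename.lower().endswith(IMAGE_EXTS) or data.startswith(JPEG_MAGIC):
        return None
    for magic, kind in ARCHIVE_MAGICS.items():
        if data.startswith(magic):
            return kind
    return None


def build_sample_docx() -> bytes:
    """Constructed sample: a minimal OOXML container whose ActiveX part holds a CWS header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/activeX/activeX1.bin", b"CWS\x0f" + struct.pack("<I", 100) + b"\x00" * 92)
    return buf.getvalue()
```

Running `find_embedded_flash(build_sample_docx())` flags the ActiveX part, and `masquerading_archive("scan042.jpg", b"Rar!\x1a\x07...")` returns "rar", which is the same combination the campaign relied on.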
The backdoor is programmed to:
– Monitor user activity (keyboard and mouse)
– Collect system information and send it to a remote command-and-control (C&C) server
– Execute shellcode
– Load a PE in memory
– Download files
– Execute code, and
The vulnerability impacts Adobe Flash Player versions 18.104.22.168 and earlier for products including Flash Player Desktop Runtime, Flash Player for Google Chrome, Microsoft Edge and Internet Explorer 11. Adobe Flash Player Installer versions 22.214.171.124 and earlier are also affected.
Adobe has issued a patch to address CVE-2018-15982. Users and admins are advised to test and install the patches as soon as possible.
Comments from Ankush Johar, Director at Infosec Ventures – an organisation that provides complete infrastructure security solutions for commercial and government clients of all sizes.
Adobe Flash Player is one of the most exploited products as it is one of the most widely used. Hence, users are advised to always keep an eye on Adobe Flash Player updates and disable automatic Flash Player execution in their browsers and other software like Microsoft Office.
Although this vulnerability has just been announced, it is not known for how long it has been out in the open. It is possible that certain malicious hackers might already be exploiting this since time unknown. Privacy today is an Urban Legend and time after time such revelations simply prove the same.
Security of an individual is in his own hands and the only way to stay secure is to stay vigilant and suspicious about every email, link and message one gets on the internet.
One cannot protect oneself from files with zero-day exploits once they get inside your device; however, you can take the below precautions to ensure that the malware doesn’t get into your system in the first place:
Install a good trusted antivirus with a valid license
Keep an eye out for fake/fraud phishing emails that might be trying to convince you to visit a link or download things by scaring you or luring you with some discount/offers/prizes.
Never download software from untrusted sources such as pirated websites, blogs, torrents etc., as they mostly contain some kind of malware. Only download from official websites.
Never click on unknown links and attachments in emails.
Be aware of any social engineering tactics that can be used by hackers to steal data.
Never leave your system unattended.
Do not connect to unknown WiFi networks.
Use two-factor authentication wherever possible.
If you are running an organization, train your employees and make them aware of the common phishing attacks. Hackers often target employees in order to gain confidential information about the company.
2014 The Global Indian New Network (TGINN)