A known critical vulnerability in the Adobe Flash Player can serve as a gateway for cybercriminals to hijack your computer. Researchers from cyber security research group Morphisec spotted the vulnerability in use in a phishing campaign using Word documents.
This is the second time this vulnerability, tracked as CVE-2018-4878, has appeared as a tool in an attack. Hackers from the North Korean group ScarCruft figured in the first attack, which exploited CVE-2018-4878 through compromised Excel files. The main difference this time around is that instead of operatives working for a nation state, a group of cybercriminals is profiting from this weakness in Adobe’s software.
Security researchers were able to tell because of the group’s relatively unsophisticated tactics. The cybercriminals took over a domain in a brief window of time, whereas more advanced threat actors would have to prep one for a longer period of time. These criminals also ran a shorter campaign and did not use advanced techniques to hide their activities.
Victims of the latest campaign are mainly located in Europe and the US and number 1000. This number is larger than the last batch of victims, but the attacks centered mainly on targets ranging from webmasters to post offices, potential distribution points that could multiply the attacks. These targets used email clients and received phishing emails containing Google-shortened URLs that led to infected sites.
The security researchers still see CVE-2018-4878 as a possible tool for hackers in future attacks because of its stability as an exploitable resource. We advise readers to avoid clicking on links and downloading files from unverified contacts.