Recently patched Flash vulnerability spotted in massive malspam campaign

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A recently patched Flash Player flaw was exploited in a widespread attack spam campaign primarily targeting South Koreans.

The vulnerability was first spotted in the wild as part of a different malspam campaign in late January 2018 by the South Korean Computer Emergency Response Team (KR-CERT), in attacks launched by the North Korean threat group APT 37, also known as Group 123, according to a Feb. 4 Security Boulevard blog post.

Researchers from the Hauri security firm, however believe the exploit has been in use since November 2017. The vulnerability could lead to remote code execution in Adobe Flash Player 28.0.0.137 and earlier versions and potentially allow an attacker to take control of the affected system. The flaw was patched in a Feb. 6 Adobe System update.

The vulnerability was most recently spotted in a new campaign with changes made to bypass traditional static detection systems that already had signatures for the original exploit.

“Researchers from security firm Morphisec now report that they've seen CVE-2018-4878 being exploited in a massive malspam campaign that distributes shortened URLs pointing to malicious Word documents,” researcher said in the blog. “The documents embed the exploit code for the Flash Player vulnerability, which, if executed, will launch cmd.exe and will download an additional payload from a remote server.”
Click to expand...
 
  • Like
Reactions: Faybert, AtlBo, MeltdownEnemy and 2 others
MeltdownEnemy

MeltdownEnemy

Level 7
Verified
Well-known
Jan 25, 2018
300
An irrefutable truth of Adobe FlashPlayer is to remain one of the weakest flanks within our OS that should be purged, also all multimedia webhosting should migrate their sets to html5 immediately, I don't trust! I don't like! about that flash coming integrated in Windows, the deep way of its installation, realtime load, and updating modules folder is hosted (system32 & syswow64 \ Macromed \ Flash \), the saddest thing is that it is not a development of the microsoft team and they continue to add it by default on all its ISO's installations forcefully. Today I am searching without rest, an application that simulates the streaming reproduction of flash at html5 on all sites that require installation of adobe, but unfortunately I can't find anything. I don't think I'm the only one looking for that.
 
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
If you just keep your software updated, you are okay most of the time, even if you use flash etc
 
  • Like
Reactions: AtlBo
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Thanks
Security News South Korean hackers exploited WPS Office zero-day to deploy malware
Replies
4
Views
2,386
Security News
cartaphilus
cartaphilus
nicolaasjan
    • Like
    • +Reputation
Malware News Infected ads used IE leak for 'zero-click' malware infection
Replies
1
Views
1,344
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
Security News Microsoft Sway abused in massive QR code phishing campaign
Replies
0
Views
1,313
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top