Recently patched Flash vulnerability spotted in massive malspam campaign

LASER_oneXM

A recently patched Flash Player flaw was exploited in a widespread attack spam campaign primarily targeting South Koreans.

The vulnerability was first spotted in the wild as part of a different malspam campaign in late January 2018 by the South Korean Computer Emergency Response Team (KR-CERT), in attacks launched by the North Korean threat group APT 37, also known as Group 123, according to a Feb. 4 Security Boulevard blog post.

Researchers from the Hauri security firm, however, believe the exploit has been in use since November 2017. The vulnerability could lead to remote code execution in Adobe Flash Player 28.0.0.137 and earlier versions and potentially allow an attacker to take control of the affected system. The flaw was patched in a Feb. 6 Adobe System update.

The vulnerability was most recently spotted in a new campaign with changes made to bypass traditional static detection systems that already had signatures for the original exploit.

“Researchers from security firm Morphisec now report that they've seen CVE-2018-4878 being exploited in a massive malspam campaign that distributes shortened URLs pointing to malicious Word documents,” researcher said in the blog. “The documents embed the exploit code for the Flash Player vulnerability, which, if executed, will launch cmd.exe and will download an additional payload from a remote server.”
 

MeltdownEnemy

An irrefutable truth of Adobe Flash Player is that it remains one of the weakest flanks within our OS and should be purged; also, all multimedia web hosting should migrate their sets to HTML5 immediately. I don't trust it! I don't like that Flash comes integrated in Windows, the deep way of its installation, its realtime load, and where its updating modules folder is hosted (system32 & syswow64 \ Macromed \ Flash \). The saddest thing is that it is not a development of the Microsoft team, and they continue to add it by default on all its ISO installations forcefully. Today I am searching without rest for an application that simulates the streaming reproduction of Flash in HTML5 on all sites that require installation of Adobe, but unfortunately I can't find anything. I don't think I'm the only one looking for that.
 

shmu26

If you just keep your software updated, you are okay most of the time, even if you use Flash, etc.
 