Given the recent increase in Bitcoin ransomware attacks all over the world, security researchers have been trying to figure out which vulnerabilities have been exploited by hackers. As it turns out, the recent zero-day exploit in Flash is being used as part of the Magnitude exploit kit to distribute various forms of Bitcoin ransomware.
Magnitude EK Uses Flash Zero-day Vulnerability
Just a few days ago, Adobe announced they had discovered a serious vulnerability in their Flash software package, which was patched as of yesterday morning. This prompt response by the company should avoid hackers making use of this zero-day vulnerability, but nothing could be further from the truth.
Proofpoint, a security research company, has found evidence this particular Flash exploit has been used to deploy bitcoin ransomware around the world. More specifically, both Locky and Cerber ransomware strains have found their way to computers because of this vulnerability, as it is part of the Magnitude exploit kit.
Locky has been making media headlines in recent months, as its victims are plentiful and spread out all over the world. Cerber, a different type of Bitcoin ransomware which “talks” to its victims, has been spread through the Magnitude exploit kit. Although Adobe has patched this zero-day vulnerability, the threat is far from over.
A second exploit kit, called Nuclear Pack, contains the necessary tools to abuse this zero-day exploit in Flash as well. However, at the time of publication, it remained unclear as to whether or not Nuclear Pack has caused any bitcoin ransomware infections so far. Several systems around the world remain vulnerable to the Flash exploit, as Adobe is not supporting all operating systems with this patch.
For example, Windows XP and Windows 7 users will be vulnerable, but even Windows 10 users are not out of the woods yet. A lot of computer users might be running an older Adobe Flash version on their machine, and the released patch means users will have to perform a manual update. Those who fail to do so may find themselves targeted by Bitcoin ransomware in the future.
One positive note to take away from this story is how this discovery server as another reason to get rid of Flash altogether. Adobe has been working on phasing out Flash over the past few months, in favor of HTML5 solutions. Unfortunately, it will take quite some time until this process has been completed.
What are your thoughts on this recent Flash zero-day vulnerability to spread Bitcoin ransomware? Let us know in the comments below!
Source: Tweakers (Dutch)
Images courtesy of Adobe, Shutterstock