Adobe Patches Flash Player Flaw Exploited to Deliver FinSpy Malware

Adobe has issued a new update for Flash Player to fix an actively exploited flaw (CVE-2017-11292) that is being used by the hacking group Black Oasis to deliver FinSpy malware.

FinSpy is not malware in the usual sense: it is a legitimate software program developed by the German software company Gamma International. However, its capabilities include a variety of malware-like functions.

As the name implies, FinSpy is surveillance software that is employed for espionage. The software has been extensively deployed by governments and law enforcement agencies to collect intelligence on criminal organizations as well as foreign governments. It seems that Black Oasis is targeting military and government organizations by leveraging this Adobe zero-day weakness to deliver FinSpy malware.

To date, Black Oasis has used the Adobe Flash Player zero-day flaw in at least one FinSpy malware attack. That attack was discovered by anti-virus firm Kaspersky Lab, which alerted Adobe to the flaw.

CVE-2017-11292 is a memory corruption vulnerability which was exploited via spam email using a Word document with an embedded ActiveX object containing the Flash exploit. While this cyberattack involved FinSpy malware, the same attack style could be used to deliver any number of different malware and ransomware variants.
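For triage of the delivery method described above, the following added example (not from the original article, Adobe, or Kaspersky) inspects an OOXML .docx for ActiveX parts that reference the Flash control or carry an SWF header. It assumes the .docx container format (legacy .doc files are not handled); the function names and the sample document are constructed for illustration.

```python
import io
import re
import struct
import zipfile

# CLSID of the Shockwave Flash ActiveX control, as referenced by OOXML activeX parts.
FLASH_CLSID = b"D27CDB6E-AE6D-11CF-96B8-444553540000"
SWF_MAGIC = re.compile(rb"[FCZ]WS")  # uncompressed, zlib and LZMA SWF signatures

def find_swf_headers(blob):
    """Return offsets where a plausible SWF header starts (heuristic)."""
    hits = []
    for m in SWF_MAGIC.finditer(blob):
        header = blob[m.start():m.start() + 8]
        if len(header) < 8:
            continue
        version, length = struct.unpack("<BI", header[3:8])
        # The signature is only 3 bytes, so also require a sane version and length.
        if 1 <= version <= 60 and 8 < length < 100 * 1024 * 1024:
            hits.append(m.start())
    return hits

def triage_docx(data):
    """Report Flash ActiveX references and embedded SWF headers in a .docx."""
    findings = {"flash_clsid_parts": [], "swf_parts": {}}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.lower().startswith("word/activex/"):
                continue
            blob = zf.read(name)
            if FLASH_CLSID in blob.upper():
                findings["flash_clsid_parts"].append(name)
            offsets = find_swf_headers(blob)
            if offsets:
                findings["swf_parts"][name] = offsets
    findings["suspicious"] = bool(findings["flash_clsid_parts"] or findings["swf_parts"])
    return findings

def build_sample(with_flash):
    """Constructed sample: a minimal ZIP laid out like a .docx (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_flash:
            zf.writestr("word/activeX/activeX1.xml",
                        '<ax:ocx ax:classid="{D27CDB6E-AE6D-11cf-96B8-444553540000}"/>')
            zf.writestr("word/activeX/activeX1.bin",
                        b"\x00" * 16 + b"CWS" + struct.pack("<BI", 27, 4096) + b"\x00" * 8)
    return buf.getvalue()
```

A hit only means the document embeds Flash content and deserves closer analysis; it does not identify a specific exploit.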

Adobe has revealed that the vulnerable versions of its Flash Player are 27.0.0.159 for Windows, Mac, Linux, and Google Chrome and 1127.0.0.130 for Internet Explorer 11 (Windows 8.1 and 10) and Microsoft Edge. To protect systems against cyberattack, Flash should either be turned off, removed, or updated to the most recent version – v27.0.0.170.

Kaspersky, which has been tracking Black Oasis attacks, has announced that the hacking group’s previous targets have been based in Afghanistan, Angola, Bahrain, Iran, Iraq, Jordan, Libya, Nigeria, Russia, Saudi Arabia, the Netherlands, Tunisia, and the United Kingdom. Black Oasis has been utilizing at least 5 different zero-day exploits.

While Black Oasis is focused on the military, governments, and political figures and activists, now that the update has been issued, it is likely that other players will try to exploit the flaw and use it to deliver malware to businesses and consumers. It is therefore vitally important that the patch is applied to keep systems safe from attack.


Posted by

Emma Taylor

Emma Taylor is the contributing editor of Defensorum. Emma started on Defensorum as a news writer in 2017 and was promoted to editor in 2022. Emma has written and edited several hundred articles related to IT security and has developed a deep understanding of the sector. You can follow Emma on https://twitter.com/defensorum and contact Emma at emmataylor@defensorum.com.