Hackers have come up with a new way to take advantage of the popularity of Adobe Creative Cloud to bypass email security solutions and harvest user credentials.
In early December last year, Checkpoint-owned Avanan saw a new wave of hackers creating Adobe accounts for nefarious purposes. After creating an account, the hackers then import a PDF file into Adobe’s cloud storage that contains links to sites that have been used to harvest the credentials of unsuspecting users.
By sharing files containing malicious links using Adobe Creative Cloud, attackers are able to appear legitimate to potential victims, while also ensuring that their emails are able to bypass Advanced Threat Protection (ATP) and other endpoint protection software. will be able
Hiding Credential Harvesting Pages
In a new blog post, Avanan explains that these attacks begin with an innocent-looking PDF sent via Adobe Acrobat and shared with a user over email. These emails come directly from Adobe and a sense of urgency is created by an attacker to trick potential victims into opening them.
When a user clicks “Open,” they are redirected to a simulated Adobe Document Cloud page, where they must click another button to access their document. While a savvy user might notice spelling and formatting errors, those in a hurry may click without thinking. If they do so, they’re redirected to a classic credential harvesting page hosted outside of Adobe Creative Cloud, where they’re asked to log in and, in doing so, give an attacker their email address and password. leave.
During the past few weeks, Awanan has seen thousands of such attacks, including 400 in 2022 alone.
To avoid falling victim to this and other similar attacks, end users should carefully inspect all Adobe Creative Cloud pages for grammar and spelling, hovering over links to ensure that their antivirus software is in the sandbox. Can open and inspect PDF files. All links contained within them.
We have also highlighted best firewall, best endpoint protection software And best malware removal software