Recently patched Adobe Flash bug added to Nuclear Exploit Kit
Adobe confirmed to Malwarebytes that a variant of CVE-2015-0336 is being exploited in the wild, according to a Thursday post, which explains that malware identified as Trojan.GenPe3.ED is being delivered.
“The Flash exploit was packed with secureSWF (a legitimate program from Kindi software) to protect it from decompilers and make security researchers' jobs more interesting,” Jerome Segura, senior security researcher with Malwarebytes, wrote in the post.
According to Trend Micro, the exploit is being served up to users via compromised websites. A Friday post explains that more than 8,700 users have visited URLs involved in the attack, with about 90 percent being from Japan and three percent being from the U.S.