Cloud Security, Malware

Microsoft 365, Gmail credentials targeted in Adobe Cloud exploitations

Threat actors have been exploiting Adobe Creative Cloud accounts to spread malicious images and PDF files with embedded links aimed at exfiltrating credentials belonging to Microsoft Office 365 and Gmail users, Threatpost reports, citing a report from Avanan. Researchers said that the ongoing campaign, which was first detected last month, involves attackers creating free Adobe Cloud accounts, in which they create PDFs or images containing malicious links that are then spread through email. Attackers were found to send emails with a seemingly legitimate PDF named Closing.pdf with an “Open” button, which when clicked redirects recipients to an Adobe Document Cloud page that is actually a typical credential-harvesting page hosted by an attacker-controlled domain, according to Avanan Cybersecurity Research Analyst Jeremy Fuchs. Another email used in the attack was a spoofed Adobe notification found to have grammatical errors. “Though the several hops to get to the final page may cause some red flags from discerning end-users, it won’t stop all who are eager to receive their documents, especially when the title of the PDF — in this case ‘Closing’ — can instill urgency,” said researchers.
