Cybercriminals have found a new way to distribute info-stealing malware to unsuspecting users: they’re abusing Adobe Acrobat Sign, a cloud-based e-signature service.
Threat actors register with the service and use it to send malicious emails to their targets. Because these emails originate from Adobe’s servers, they bypass security protections and trick recipients into trusting them.
Redline, the info-stealer being distributed, is capable of stealing account credentials, cryptocurrency wallets, credit cards, and other information stored on the breached device.
At the same time, researchers at Avast warn that this new trend in cybercrime is highly effective in bypassing security layers and tricking targets.
Highly targeted attacks have also been spotted employing this method, such as in one case where the target owned a popular YouTube channel with many subscribers.
The ZIP archive containing Redline was artificially inflated to 400MB in both cases, which helps it evade anti-virus scans.
This same method was used in recent Emotet malware phishing campaigns.
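A triage check for the size-inflation trick described above, as an added example that is not from Avast or Adobe: it reads only the ZIP central-directory metadata and flags members that are very large unpacked or that compress implausibly well. The thresholds, the extension list, the function names and the assumption that the inflation is low-entropy filler inside an archive member are choices made for this example, and the sample archive is constructed.

```python
import io
import zipfile

# Assumed thresholds (not from the article): scanners often skip files above a
# size limit, and filler bytes compress far better than real program code.
SIZE_LIMIT = 100 * 1024 * 1024   # flag members larger than 100 MB unpacked
RATIO_LIMIT = 50                 # flag members that shrink more than 50x
EXEC_EXT = (".exe", ".scr", ".dll", ".msi")

def inspect_zip(data, size_limit=SIZE_LIMIT, ratio_limit=RATIO_LIMIT):
    """Return findings for members that look padded, using only the
    central-directory metadata (nothing is decompressed)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            reasons = []
            if info.file_size > size_limit:
                reasons.append("oversized")
            if ratio > ratio_limit:
                reasons.append("high-ratio")
            if reasons and info.filename.lower().endswith(EXEC_EXT):
                reasons.append("executable")
            if reasons:
                findings.append((info.filename, info.file_size, round(ratio), reasons))
    return findings

def build_sample():
    """Constructed sample: a short text file and a placeholder 'executable'
    that is a 21-byte marker followed by 2 MB of zero bytes (no real code)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "Quarterly report attached.\n")
        zf.writestr("invoice.exe", b"MZ-constructed-header" + b"\x00" * (2 * 1024 * 1024))
    return buf.getvalue()

if __name__ == "__main__":
    # Lower size limit here only so the small constructed sample trips it.
    for name, size, ratio, reasons in inspect_zip(build_sample(), size_limit=1024 * 1024):
        print(f"{name}: {size} bytes unpacked, ~{ratio}x compression, {reasons}")
```

A hit is a reason to route the attachment to sandboxing or manual review rather than a verdict, since large benign files also exist.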
Cybercriminals are constantly looking for legitimate services that can be abused to promote their malicious emails.
Finally, Avast has shared all details of its findings with Adobe and dochub.com, and it is hoped that the two services will find a way to stop abuse from malware operators.