Fake Adobe Security Update malware campaign

Red Condor issued a warning of a new malware threat crafted to appear as an email thread discussing vulnerabilities in Adobe software.

The campaign targets Adobe customers and consists of a fake thread of forwarded emails that begins with a security update message from an employee in “Adobe Risk Management.” The campaign warns recipients of a “Denial of Service Vulnerability” in the Adobe software and “strongly advises” that companies running the software update their systems with the “latest security patch.”

The most convincing and potentially damaging aspect of the campaign is the structure of the forwarded thread, which is spoofed and customized per message and recipient.

The thread contains what appear to be the full names and email addresses of people in higher positions in the recipient’s organization, possibly a technique to make the message and call to action seem legitimate.

Embedded in the body of the email are links to a PDF file that contains the update instructions for the security patch, and an executable, which has been identified as a Trojan virus. Red Condor is the first to detect the malware campaign; the vast majority of AV engines failed to recognize the malicious download.

“This sophisticated campaign demonstrates the length scammers will go to get their emails past security so they can deploy malware on unsuspecting users’ systems,” said Dr. Tom Steding, president and CEO of Red Condor. “The email itself contains convincing language and appears to have already made it through chains of command at the victim’s company. Overall, it’s a convincing campaign that could be a significant threat if the message volume increases.”

Recipients of the fake Adobe Security Update email should delete it immediately and not click on the embedded PDF or web site links.