
A link included in the page would take the intended victim to the same CAPTCHA page. If the recipient clicked on the link to review and sign the document, they were once again taken to Adobe and presented with the same document as before. However, the intended victim realized that the document might not be legitimate and did not click the link.

A few days later, the attackers targeted the recipient again, this time with a request that also included a link to a page hosted on, another document signing service. Given that the message is sent from a legitimate Adobe email address and the document for which the signature request is sent is hosted on Adobe’s servers, the message bypasses any protections that the victim might have in place.

Acrobat Sign also allows the sender to add text to that email, and cybercriminals are abusing this feature to lure unsuspecting recipients into downloading malware.

As part of the observed attack, threat actors sent signature requests for documents that contain a link to a CAPTCHA page that in turn would take the victim to the download page for a ZIP file containing the RedLine stealer.

First seen in early 2020, RedLine can harvest and exfiltrate system information, along with data typically saved in browsers, such as credentials, credit card data, and crypto wallet information.

Displaying a fake notice of copyright infringement, the document analyzed by Avast was specifically created to target the owner of a popular YouTube channel.

When a signature request is sent, Acrobat Sign automatically generates and sends an email to the recipient, with a link to the document, which can be a PDF, Word, HTML, or another file type. Cybercriminals have been observed abusing Adobe’s Acrobat Sign service to deliver emails leading to a RedLine stealer infection, cybersecurity firm Avast warns.

Acrobat Sign is a cloud service that allows registered users to sign, send, and track documents in real-time, as well as to send signature requests to anyone.
