There’s been a new wave of hackers creating accounts in Adobe and importing PDF files that redirect users to credential harvesting pages.
Avanan, a Check Point company, has observed thousands of similar attacks in the last few weeks. According to cybersecurity research analyst Jeremy Fuchs, there have been over 400 attacks since the new year.
“In this attack, hackers are creating an account within the Adobe Cloud Suite. Once they do this, they can easily import a PDF file. In that PDF file is a link that leads to a credential harvesting page. To the end-user, a legitimate email from Adobe will hit the inbox. This bypasses ATP protection since Adobe is a trusted sender, and there’s nothing malicious inside the PDF itself,” Avanan detailed in a blog post.
At first, you get an email via Adobe Acrobat, looking something like this:
If you click “Open” to view the document, you will be redirected to an Adobe Document Cloud page. Then, if you click on the “Access Document” link there, you will be redirected to a classic credential harvesting page hosted outside the Adobe suite and asked to sign in.
Though the several hoops required to reach the final page may raise red flags for discerning end-users, they won’t stop everyone who is eager to receive their documents, especially when the title of the PDF can instill urgency.
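For defenders, the chain described above (trusted Adobe sender, clean PDF, link to a sign-in page hosted elsewhere) makes the link target the one thing worth checking. The Python below is an added example, not code from Avanan or CyberNews: the trusted-domain list, the sample PDF bytes and every function name are assumptions, and it reads only link actions stored in uncompressed PDF objects.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as the trusted sender's own (not taken from the article).
TRUSTED_SUFFIXES = ("adobe.com", "acrobat.com")

# A PDF link action with a literal-string target looks like: /URI (https://...)
URI_ACTION = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)")


def extract_link_targets(pdf_bytes):
    """Return URI targets of link actions found in uncompressed PDF objects."""
    targets = []
    for match in URI_ACTION.finditer(pdf_bytes):
        raw = re.sub(rb"\\(.)", rb"\1", match.group(1))  # undo \( \) \\ escapes
        targets.append(raw.decode("latin-1"))
    return targets


def is_trusted_host(host):
    """Exact or dot-boundary suffix match, so look-alike hosts do not pass."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def off_domain_links(pdf_bytes):
    """Return web links in the PDF that leave the trusted sender's domains."""
    flagged = []
    for url in extract_link_targets(pdf_bytes):
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and not is_trusted_host(parts.hostname):
            flagged.append(url)
    return flagged


# Constructed sample: three link annotations as they appear in an uncompressed PDF.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI (https://documentcloud.adobe.com/help) >> >> endobj\n"
    b"2 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI (https://adobe.com.signin-portal.example/doc\\(1\\)) >> >> endobj\n"
    b"3 0 obj << /Subtype /Link /A << /S /URI "
    b"/URI (https://notadobe.com/access) >> >> endobj\n"
)

if __name__ == "__main__":
    for link in off_domain_links(SAMPLE_PDF):
        print("off-domain link:", link)
```

A flagged link is not proof of phishing, since ordinary PDFs link to external sites; it is a signal to weigh together with the sender and the document's call to sign in.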