Skip to main content

Flash hit by malware, again

Well someone likes punching a carcass, as Flash has been hit with another malware. According to security firm Trend Micro (opens in new tab) which first spotted the vulnerability, it can be abused by attackers to install software on a victim's computer.

The attack begins, as they usually do, with an email. The email, usually named something related to current news (“Syrian troops make gains as Putin defends air strikes” and “Israel launches airstrikes on targets in Gaza”), contains a link to a site where the Flash exploit is located. Once the unsuspecting victim clicks it, the malware is installed on their computer.

The malware was used in something Trend Micro calls Pawn Storm, a hacking attack targeting several foreign affairs ministries around the globe, which could explain why the emails contained titles relating to current events in the Middle East.

"It’s worth noting that the URLs hosting the new Flash zero-day exploit are similar to the URLs seen in attacks that targeted North Atlantic Treaty Organization (NATO) members and the White House in April this year,” Trend Micro writes in a report.

The security firm has notified Adobe and are working with them to address the issue, it is said in the report.

Flash has been hit by so many attacks recently, that calls for its complete removal have been loud in multiple occasions. The first in the bunch was the late Apple CEO Steve Jobs, who said Flash was too much of a risk to be integrated into iOS. Google has also disabled auto-play on Flash scripts within its Chrome browser.

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.