Adobe has patched a new Flash security flaw that was being used by attackers to install spying tools on victims’ computers.
The exploit was delivered using malicious Flash files embedded in Microsoft Word documents, sent as email attachments to targets.
When the document was opened, the FinSpy malware would secretly install itself.
The vulnerability was discovered by researchers at Russian security firm Kaspersky Lab on 10 October.
They found that the attacker – thought to be a group called BlackOasis – was targeting the governments of various countries that are members of the United Nations, as well as oil and gas companies in several regions.
In the UK, activists and several non-governmental organisations (NGOs) were targeted by the attackers, but not government agencies.
Kaspersky contacted Adobe on the same day it discovered the exploit, and Adobe published the patch on Monday 16 October.
What is FinSpy?
FinSpy is a surveillance software product developed by Anglo-German firm Gamma International.
It is a legal spying tool that is used by law enforcement agencies around the world for lawful surveillance during criminal and anti-terror investigations.
“What is unusual about BlackOasis is that they are using legal surveillance tools to hit other nation states,” Costin Raiu, the director of Kaspersky’s Global Research & Analysis Team, told the BBC.
“This is unusual because everybody was using these tools for lawful surveillance in their own countries.”
Due to the numerous security issues relating to Adobe Flash, the software is now gradually being phased out.
However, some older websites still use it, so web browsers now come with protections to prevent attackers from exploiting Flash to sneakily install malware on consumers’ computers.
This has proved effective in curtailing Flash exploits in the web browser. To make the attack work, BlackOasis appears to have embedded a Flash file in a Microsoft Word document, because the typical browser protections do not apply there.
Mr Raiu thinks that Microsoft should consider blocking certain types of files from launching when Word documents are opened.
He recommended that consumers install the patch for Flash even if they don’t think they are using it on their computers, because it might still be installed.
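A defensive check for the delivery method described above, as an added example that is not part of the original article: it flags Word documents that carry an embedded Flash object. It assumes the Flash file is embedded as the Shockwave Flash ActiveX control (the article does not say how it was embedded); the function names and the sample documents are constructed for illustration.

```python
import io
import re
import uuid
import zipfile

# CLSID of the Shockwave Flash ActiveX control that Office loads for an embedded SWF.
FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"
# The same GUID as it appears in binary streams (mixed-endian COM layout).
FLASH_CLSID_BIN = uuid.UUID(FLASH_CLSID).bytes_le
# SWF signature (uncompressed, zlib, LZMA) followed by a plausible version byte.
SWF_MAGIC = re.compile(rb"(FWS|CWS|ZWS)[\x01-\x40]")

def scan_bytes(label, blob):
    """Heuristic indicators of embedded Flash in one blob of document data."""
    hits = []
    if FLASH_CLSID.encode() in blob.upper():
        hits.append(f"{label}: Flash ActiveX CLSID (text)")
    if FLASH_CLSID_BIN in blob:
        hits.append(f"{label}: Flash ActiveX CLSID (binary)")
    if SWF_MAGIC.search(blob):
        hits.append(f"{label}: SWF header")
    return hits

def scan_office_document(data):
    """Scan an OOXML (.docx) package part by part, or a legacy file as raw bytes."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        hits = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                hits += scan_bytes(name, zf.read(name))
        return hits
    return scan_bytes("<raw>", data)

def make_docx(parts):
    """Build a constructed, minimal .docx-like zip in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: one clean document, one with a Flash ActiveX control.
CLEAN = make_docx({"word/document.xml": b"<w:document>hello</w:document>"})
SUSPECT = make_docx({
    "word/document.xml": b"<w:document><w:control/></w:document>",
    "word/activeX/activeX1.xml": b'<ax:ocx ax:classid="{d27cdb6e-ae6d-11cf-96b8-444553540000}"/>',
    "word/activeX/activeX1.bin": b"\x00" * 8 + b"FWS\x0a" + b"\x00" * 16,
})

if __name__ == "__main__":
    print(scan_office_document(CLEAN), scan_office_document(SUSPECT))
```

The SWF signature match is a heuristic and can produce false positives on arbitrary binary parts; objects that are hex-encoded inside RTF files are not covered.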
“The most worrying thing in this story is that tools produced by these companies specialising in lawful surveillance are being used to fuel cross-country espionage and contribute to the increasing climate of world cyber war,” said Mr Raiu.
“The creator of the tool is a UK company, and then it is used to spy on British targets. I just find the whole concept a bit worrying.”