Hackers are exploiting Adobe Creative Cloud to harvest user credentials

News
By published

New campaign hides links to credential harvesting pages inside PDF files

Hacker Typing
(Image credit: Shutterstock)

Hackers have come up with a new way to leverage the popularity of Adobe Creative Cloud to bypass email security solutions and harvest user credentials.

Beginning in December of last year, Checkpoint-owned Avanan observed a new wave of hackers creating Adobe accounts for nefarious purposes. After creating an account, the hackers then import a PDF file into Adobe's cloud storage which contains links to sites used to harvest the credentials of unsuspecting users.

By sharing files containing malicious links using Adobe Creative Cloud, attackers are able to appear legitimate to potential victims while also ensuring that their emails will be able to bypass Advanced Threat Protection (ATP) and other endpoint protection software.

Hiding credential harvesting pages

In a new blog post, Avanan explains that these attacks begin with an innocent-looking PDF sent via Adobe Acrobat and shared with a user over email. These emails arrive directly from Adobe and a sense of urgency is instilled by an attacker to trick potential victims into opening them.

When a user clicks “Open”, they are redirected to a fake Adobe Document Cloud page where they'll need to click on another button to access their document. While a discerning user may notice the spelling and formatting errors, those in a hurry might click through without thinking. If they do, they are then redirected to a classic credential harvesting page hosted outside of Adobe Creative Cloud where they're prompted to log in and in doing so, give up their email address and password to an attacker.

Over the course of last few weeks, Avanan has observed thousands of these attacks including 400 in 2022 alone.

To avoid falling victim to this and other similar attacks, end users should carefully inspect all Adobe Creative Cloud pages for grammar and spelling, hover over links to ensure the intended page is legitimate and ensure their antivirus software can open PDF files in a sandbox and inspect all links contained within them.

We've also highlighted the best firewallbest endpoint protection software and best malware removal software

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Someone checking their credit card details online.
Hackers use CAPTCHA scam in PDF files on Webflow CDN to get past security systems
An iPhone sitting on a wooden table
Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe
Hacker Typing
This devious two-step phishing campaign uses Microsoft tools to bypass email security
Close up of a business person using a smartphone.
Watch out, malicious PDF files are being used again in phishing attacks
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft authentication system spoofed via phishing attack
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
More about security
Money

Financial leaders still rely on regular tools like Excel for automation tasks over AI
Half man, half AI.

Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
Poco F6 Pro in white from the back showing its Camera array and branding

For a mid-range handset, the Poco F6 Pro is premium in more ways than one, but I found it hard to ignore some of its key pitfalls
See more latest
Most Popular
BraX3
This obscure brand wants to launch the most privacy-friendly smartphone ever without Google, but with a mysterious open-source OS at its core
HAMR
Seagate reportedly sold two billion GBs worth of storage to two of the world's largest tech companies
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
Oracle
Bluehost owner is moving to Oracle Cloud, so could thousands of websites be about to migrate?
Money
Financial leaders still rely on regular tools like Excel for automation tasks over AI
Two examples of the Asus Fragrance Mouse MD101 sitting on a table
Your next computer mouse could have a fragrance compartment for aromatherapy oils – and this Asus idea is nothing to sniff at
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models