Hackers are reportedly exploiting the uncertainty surrounding Adobe Flash.
A serious bug in the software was discovered earlier this week, after spyware company Hacking Team was itself hacked.
Adobe quickly released an update, which it urged users to download “within 72 hours”, and now a separate group of cybercriminals is trying to use this to its advantage.
A hacking group known as Wekby has launched a spear-phishing campaign off the back of the discovery of the Flash vulnerabilities, circulating malware-ridden emails disguised as Adobe security alerts.
The infected messages all appear to come from firstname.lastname@example.org, and feature the subject line ‘Important Flash update’.
If you were to click the link in the email, data-stealing malware would be installed on your machine.
The malware reportedly leverages one of the vulnerabilities found in the Hacking Team leaks, meaning that users running the updated version of Flash should be safe.
Needless to say, you should avoid opening the email, or any other suspicious-looking messages.
“The attackers launched spoofed email messages purporting to be from Adobe,” said Volexity founder Steven Adair, who discovered the new campaign. “The email messages references an Adobe Flash update and encourages the recipients to click a link to download and install the update.”
Around 400GB of data was stolen from Hacking Team and subsequently posted online.
SEE ALSO: Which browser’s best for you?
The Italian company, which hailed the Adobe flaw as “the most beautiful Flash bug for the last four years”, sells spyware to government agencies around the world.