Adobe Cloud Abused to Steal Office 365, Gmail Credentials
Researchers from Avanan, a Check Point company, discovered an ongoing campaign in which threat actors create accounts within the Adobe Cloud suite and send images of illegitimate PDFs to target Gmail and Office 365 users. The campaign was uncovered in December. According to Avanan, the PDF links and other malicious email attachments lead victims to a link that steals credentials. Adobe Creative Cloud is a popular file-sharing platform that lets users perform different functions with apps such as Photoshop and Acrobat. The attackers are primarily targeting Office 365 users; however, Avanan reported that it has observed the same campaign hit Gmail inboxes as well.
The attackers created images and files that appear to be legitimate, with malicious links embedded in them. Next, they share the files via email with Office 365 and Gmail users. Security researchers compared the process to creating a Docusign and sending it to the desired recipient, who then receives an email notification directing them to click the link. In this case, the links themselves are not hosted within Adobe Cloud but on another domain controlled by the attackers.
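The pattern described above, a file shared from a trusted platform whose embedded link leaves that platform, can be checked for on the defender's side. The following Python sketch is an added example, not code from Avanan or Adobe. It assumes the PDF's link annotations are stored uncompressed, treats `adobe.com` as the only platform domain, and uses a constructed sample document with a placeholder `.example` host.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as belonging to the file-sharing platform.
PLATFORM_DOMAINS = ("adobe.com",)

# Literal-string URI actions in uncompressed PDF objects: /URI (https://...)
# Links inside compressed object streams are not visible to this pattern.
URI_ACTION = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)")

def extract_uris(pdf_bytes):
    """Return link targets from /URI actions, undoing PDF backslash escapes."""
    uris = []
    for raw in URI_ACTION.findall(pdf_bytes):
        unescaped = re.sub(rb"\\(.)", rb"\1", raw)
        uris.append(unescaped.decode("latin-1"))
    return uris

def on_platform(host):
    """True only for the platform domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in PLATFORM_DOMAINS)

def off_platform_links(pdf_bytes):
    """List (uri, host) pairs for embedded links that leave the platform."""
    flagged = []
    for uri in extract_uris(pdf_bytes):
        host = urlsplit(uri).hostname or ""
        if not on_platform(host):
            flagged.append((uri, host))
    return flagged

# Constructed sample: one on-platform link, one look-alike off-platform link.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://www.adobe.com/) >> >> endobj\n"
    b"2 0 obj << /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://adobe.com.login-portal.example/view\\(1\\)) >> >> endobj\n"
)

if __name__ == "__main__":
    for uri, host in off_platform_links(SAMPLE_PDF):
        print(f"off-platform link: {uri} (host {host})")
```

The suffix comparison is anchored on a leading dot, so a host that merely starts with or contains the platform name is still reported as off-platform.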