Security News > 2022 > January > Adobe Cloud Abused to Steal Office 365, Gmail Credentials

Attackers are leveraging Adobe Creative Cloud to target Office 365 users with malicious links that appear to be coming legitimately from Cloud users but instead direct victims to a link that steals their credentials, researchers have discovered.

Though attackers are primarily targeting Office 365 users - a favorite target among threat actors - researchers have seen them hit Gmail inboxes as well, Jeremy Fuchs, cybersecurity research analyst at Avanan, told Threatpost.

The attack vector works like this: An attacker creates a free account in Adobe Cloud, then creates an image or a PDF file that has a link embedded within it, which they share by email to an Office 365 or Gmail user.

Though the links inside the documents sent to users are malicious, they themselves are not hosted within Adobe Cloud but, rather, from another domain controlled by attackers, he added.

When the user clicks on the link, he or she is redirected to an Adobe Document Cloud page that includes an "Access Document" button that supposedly leads them to the Adobe PDF. However, that link actually leads to "a classic" credential-harvesting page, which is hosted outside the Adobe suite, according to the report.

One is to inspect all Adobe cloud pages for grammar and spelling, and to hover over links to ensure the intended page is legitimate, they said in the report.

News URL

https://threatpost.com/adobe-cloud-steal-office-365-gmail-credentials/177625/