Adobe Warns of New License Key Scam Phishing Campaign

Adobe warned customers Friday about a new rash of phishing attacks “purporting to deliver license keys for a variety of Adobe offerings.”

When hackers breached Adobe in October and spilled millions of its customers’ IDs and encrypted passwords, it was all but certain the attack would result in a wave of subsequent phishing attacks.

It wasn’t exactly clear how soon the attacks would come or what form they’d come in, but after two somewhat quiet months it looks like attackers are finally beginning to focus their efforts on a concerted campaign.

The software company sounded the alarm about a new strain of phishing attacks in a blog post Friday warning customers that it was aware of a campaign involving emails “purporting to deliver license keys for a variety of Adobe offerings.”

While Adobe was a bit vague with its warning, it still encouraged users to delete any questionable emails immediately and not to download any attachments or click on any hyperlinks in the emails, especially those of the suspicious variety.

The warning, which was relayed on the company’s Product Security Incident Response Team (PSIRT) blog, also directs users to a page Adobe set up shortly after the breach to help customers spot phishing attacks.

Meanwhile, researchers at both Cisco and MX Lab write they’ve spotted some of the emails in the wild and claim the subject lines vary from email to email. “Download your adobe software,” “Download your license key,” “Thank you for your order” and “Your order is processed” are apparently all subject lines being used in this scam by attackers, according to a post by MX Lab last Thursday

The rest of the email, or at least the one Cisco found, reads as so:

Hello.
Thank you for buying Digital Publishing Suite, Professional Edition Digital Publishing Suite software.
Your Adobe License key is in attached document below.
Adobe Systems Incorporated.

Naturally the text tries to get unsuspecting customers to open an attached .zip file, which in turn contains a malicious .exe file. That file, of course, will go ahead and install malicious code, along with a series of Trojans, onto the system in question.

In what many experts were calling one of the worst breaches in U.S. history – at least before last week’s Target debacle – hackers made off with the personal information of some 38 million odd Adobe users along with the source code for the software company’s design products Acrobat, ColdFusion and Photoshop.

Adobe initially reported somewhere around three million encrypted credit cards and accompanying login data was pilfered from the its servers, yet a cache of information later analyzed by security reporter Brian Krebs, discovered “tens of millions” of accounts have been put at risk.

The breach later made its way to Facebook, who were forced to reset some of its users’ passwords and passwords because they were the same as some compromised in the breach.

Suggested articles

It’s Not the Trump Sex Tape, It’s a RAT

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.