Cloud-based e-signature service Adobe Acrobat Sign is being exploited by threat actors to facilitate the deployment of the RedLine information-stealing malware, BleepingComputer reports.
Attackers have been leveraging Adobe Acrobat Sign to send emails linking to documents hosted on Adobe, which when clicked would eventually prompt the delivery of a ZIP archive with the RedLine info stealer, an Avast report revealed.
Among the targets of the attack was a popular YouTuber who received a message via Adobe Acrobat Sign with a document claiming an infringement of music copyright. Researchers noted that the document, hosted on dochub.com, facilitated the delivery of a ZIP archive with non-malicious GTA V executables along with the RedLine stealer.
Threat actors behind the attack have also increased the size of the RedLine payload to 400MB in an effort to avert detection from anti-virus systems, with such file inflation technique also leveraged in Emotet phishing attacks.
Attackers have been leveraging Adobe Acrobat Sign to send emails linking to documents hosted on Adobe, which when clicked would eventually prompt the delivery of a ZIP archive with the RedLine info stealer, an Avast report revealed.
Among the targets of the attack was a popular YouTuber who received a message via Adobe Acrobat Sign with a document claiming an infringement of music copyright. Researchers noted that the document, hosted on dochub.com, facilitated the delivery of a ZIP archive with non-malicious GTA V executables along with the RedLine stealer.
Threat actors behind the attack have also increased the size of the RedLine payload to 400MB in an effort to avert detection from anti-virus systems, with such file inflation technique also leveraged in Emotet phishing attacks.



