Connect with us

Hi, what are you looking for?


Malware & Threats

TeslaCrypt Delivered via Recently Patched Flash Exploit

An exploit for a recently patched Adobe Flash Player vulnerability has been added to the Angler exploit kit and it has been used by cybercriminals to deliver the file-encrypting ransomware known as TeslaCrypt.

An exploit for a recently patched Adobe Flash Player vulnerability has been added to the Angler exploit kit and it has been used by cybercriminals to deliver the file-encrypting ransomware known as TeslaCrypt.

The French security researcher who uses the online moniker “Kafeine” reported last week that an exploit for a Flash Player heap buffer overflow vulnerability (CVE-2015-8446) patched by Adobe on December 8 had been added to Angler. This flaw, reported by an anonymous researcher via the Zero Day Initiative (ZDI), was one of the 77 security issues resolved by Adobe with the release of Flash Player and

Kafeine reported that an exploit for this vulnerability was added to Angler on December 14. The instance observed by the researcher had been used to deliver the Bedep ad fraud malware.

On Saturday, antimalware firm Malwarebytes warned that the CVE-2015-8446 exploit added to Angler had been used by cybercriminals to deliver a new variant of the TeslaCrypt ransomware. VirusTotal shows that only a handful of antimalware products detected the new variant at the time of discovery.

Once it infects a computer, the ransomware encrypts files and renames them with a .vvv extension. Victims are instructed to pay $500 within one week, after which the price for the private key needed to recover the files increases to $1,000.

Fortinet researchers published a blog post last week detailing a spam campaign designed to deliver the same TeslaCrypt variant. However, as Fox-IT’s Yonathan Klijnsma pointed out, Fortinet researchers confused TeslaCrypt with CryptoWall. It’s worth noting that TeslaCrypt 2.0 copies the ransom screen from CryptoWall 3.0.

Heimdal Security reported earlier this month that it had observed a rise in TeslaCrypt infections. Attackers launched a large spam campaign to deliver the ransomware to companies in the United States and various European countries, including Germany, the UK, France, Italy and Spain.

Advertisement. Scroll to continue reading.

TeslaCrypt has been around since at least February 2015, but it started making headlines in March when experts noticed that it was targeting video game files. TeslaCrypt 2.0, released in July, brought an improved encryption mechanism.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.