RedLine info stealer distributed via Adobe Acrobat Sign exploitation
Cloud-based e-signature service Adobe Acrobat Sign is being exploited by threat actors to facilitate the deployment of the RedLine information-stealing malware, BleepingComputer reports.
Attackers have been using Adobe Acrobat Sign to send emails that link to documents hosted on Adobe; clicking the link eventually leads to the delivery of a ZIP archive containing the RedLine info stealer, an Avast report revealed.
Among the targets of the attack was a popular YouTuber who received a message via Adobe Acrobat Sign with a document claiming an infringement of music copyright. Researchers noted that the document, hosted on dochub.com, facilitated the delivery of a ZIP archive with non-malicious GTA V executables along with the RedLine stealer.
Threat actors behind the attack have also increased the size of the RedLine payload to 400MB in an effort to evade detection by antivirus systems, a file inflation technique also used in Emotet phishing attacks.
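A triage check for the file inflation described above, as an added example that is not from the Avast or BleepingComputer reports: it flags executables inside a ZIP whose size, compression ratio and trailing filler suggest padding. It assumes the inflation is done by appending NUL bytes (the page does not say how the file was enlarged); the function names, extensions and thresholds are illustrative, and the constructed sample uses 8 MB of padding rather than 400MB so it runs quickly.

```python
import io
import os
import zipfile

EXEC_EXTS = (".exe", ".dll", ".scr")  # assumption: extensions worth checking

def padding_fraction(zf, info, chunk=1 << 20):
    """Stream a member and return the fraction of its bytes that are trailing NULs."""
    trailing = 0
    with zf.open(info) as fh:
        while True:
            buf = fh.read(chunk)
            if not buf:
                break
            stripped = len(buf.rstrip(b"\x00"))
            # A non-NUL byte resets the run; an all-NUL chunk extends it.
            trailing = len(buf) - stripped if stripped else trailing + len(buf)
    return trailing / info.file_size if info.file_size else 0.0

def flag_inflated(zip_bytes, min_size=4 << 20, min_ratio=20.0, min_pad=0.5):
    """Return [(name, size, ratio, pad_fraction)] for suspicious executable members."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(EXEC_EXTS):
                continue
            if info.file_size < min_size:  # demo threshold, scaled down from 400MB
                continue
            # Filler compresses extremely well, so the ratio is a cheap first filter.
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio < min_ratio:
                continue
            pad = padding_fraction(zf, info)
            if pad >= min_pad:
                hits.append((info.filename, info.file_size, round(ratio, 1), round(pad, 3)))
    return hits

def build_sample():
    """Constructed sample: one ordinary binary and one padded with NUL bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("game/launcher.exe", os.urandom(64 * 1024))
        zf.writestr("game/setup.exe", os.urandom(64 * 1024) + b"\x00" * (8 << 20))
    return buf.getvalue()

if __name__ == "__main__":
    for hit in flag_inflated(build_sample()):
        print(hit)
```

A flagged member is a reason to scan the file with the padding stripped or to send it to a sandbox without a size limit, not a verdict on its own.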