Tencent Yujian: Ransomware spreads through web pages rigged with a high-risk Flash exploit; infected users are extorted for bitcoin

The Tencent Security Vision Threat Intelligence Center issued a report saying that it had detected a small-scale outbreak of the Paradise ransomware. In this attack, hackers embed a SWF file containing exploit code for the Flash vulnerability CVE-2018-4878 in certain pages of pornographic websites. When a user visits one of these pages, the malicious code is triggered and the computer is infected with the ransomware. Infected users are then extorted for bitcoin. The exploit used by the attacker threatens users running older versions of Adobe Flash Player. Once the vulnerability is triggered, shellcode is executed, and the shellcode loads the Paradise ransomware variant (encrypted files are renamed with the suffix NewCore). The virus does not encrypt user files when it detects that the user is in Russia, Ukraine, Belarus, Kazakhstan, etc. Users are advised to make sure their security software is turned on when browsing high-risk websites.