The very elusive GreenFlash Sundown exploit kit has expanded its operations out of Asia. The threat actors are using the exploit kit to push SEON ransomware onto the victims’ machines.
What’s the matter?
According to Malwarebytes, the attackers targeted the popular onlinevideoconverter[.]com website to launch the attack campaign. The site draws 200 million visitors per month, which makes it easier for the attackers to reach more users.
The exploit kit leverages PowerShell to do some pre-checks before deciding to drop the payload. If the environment is acceptable, the exploit kit drops the SEON ransomware.
Once installed, the ransomware performs a series of actions such as deleting shadow copies. Apart from the ransomware, the GreenFlash Sundown exploit kit also drops Pony and a coin miner while victims struggle to decide the best course of action to recover their files.
Based on the researchers' telemetry, this campaign is very active in North America and Europe.