- The first campaign was observed on November 8 and involved the distribution of the DanaBot banking trojan.
- The second campaign was identified on November 10 and it spread the Nocturnal stealer malware and the GlobeImposter ransomware.
Two new HookAds malvertising campaigns have been observed redirecting users to the Fallout Exploit Kit. These campaigns are lately being used to distribute various different malware variants such as the banking trojan DanaBot, the information stealer Nocturnal and the GlobeImposter ransomware.
According to exploit kit expert nao_sec, the two attack campaigns were discovered last week. The first campaign was observed on November 8 and involved the distribution of the DanaBot trojan and the second campaign was identified on November 10. This campaign spread the Nocturnal stealer malware and the GlobeImposter ransomware.
How does the HookAds campaign work?
Once installed, the exploit kit attempts to exploit the Windows CVE-2018-8174 VBScript vulnerability. Upon a successful exploitation, it allows the Fallout kit to install other malicious payloads, Bleeping Computer reported.