Magnitude Exploit Kit (EK) has been upgraded to target Chromium-based browsers running on Windows systems. To date, Magnitude EK was known to target only Internet Explorer.

What has happened?

Recently, security researchers from Avast tweeted that Magnitude EK was observed targeting Windows and Chrome vulnerabilities in a new wave of attacks.
  • Apparently, the developers of Magnitude EK added support for two new exploits. The first one targets Google Chrome while the other one targets Microsoft’s Windows.
  • The exploited Google Chrome vulnerability is tracked as CVE-2021-21224 and the Windows flaw is tracked as CVE-2021-31956.
  • The recently observed attacks are targeting only Windows builds 18362, 18363, 19041, and 19042 (19H1–20H2). However, the attacks don’t seem to involve any use of a malicious payload.

About the exploited vulnerabilities

  • CVE-2021-21224: It is a type-confusion bug in the V8 rendering engine that allows RCE. The bug has been exploited in attacks on a few occasions, however, Google has already fixed the flaw.
  • CVE-2021-31956: It is an elevation of privilege vulnerability that allows attackers to avoid Chrome’s sandbox and obtain system privileges. This flaw was patched by Microsoft in June.

Previously, these two vulnerabilities were used in a malicious activity named PuzzleMaker, which has not yet been associated with any known threat group.

Ending Notes

At present, Magnitude EK does not use any malicious payload and it might change in the coming times. Experts conjecture that soon there could be an attack followed by additional malware being dropped on compromised systems. Therefore, it is recommended to ensure that the system and software used are up-to-date.
Cyware Publisher