New Lord exploit kit exploits Flash Player vulnerability to push ERIS ransomware
August 5, 2019 | Malware and Vulnerabilities
- The exploit kit is believed to be a part of a malvertising campaign spread through the PopCash ad network.
- It was found to target a vulnerability in Flash Player in order to drop and execute ERIS ransomware on the machine.
A new exploit kit (EK) named ‘Lord’ was identified in a recent malvertising campaign. It was spotted by security expert Adrian Luca, and threat actors used the EK to drop and execute ERIS ransomware.
The EK looks for a specific vulnerability in Flash Player in order to execute the payloads. Furthermore, the Lord EK uses the Ngrok tunneling service to create custom hostnames for the URLs it uses.
The big picture
- In a blog post, researchers from Malwarebytes detail the EK, which they found to be part of a malvertising campaign run through the PopCash ad network.
- It leveraged a compromised website to redirect visitors to a landing page. This page contains a function to check whether Flash Player is installed on compromised machines. It also collects information about the Flash Player version and other network-related details.
- The kit is known to exploit a use-after-free vulnerability (CVE-2018-15982) in older versions of Flash Player that leads to arbitrary code execution.
- Earlier, it was noted that the threat actors deployed njRAT through the EK. However, they have now resorted to distributing ERIS ransomware from this kit.
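As an added example (not from the original article or from Malwarebytes), one way a defender could hunt web proxy logs for the behaviour described above: Flash content fetched from Ngrok tunnel hostnames. The log format, the sample lines, the function names and the `.ngrok.io` suffix list are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: public ngrok tunnel suffix; extend for your environment.
TUNNEL_SUFFIXES = (".ngrok.io",)
FLASH_MIME = "application/x-shockwave-flash"

# Constructed sample log. Fields: time client method url status content-type
SAMPLE_LOG = """\
2019-08-01T10:00:01Z 10.0.0.5 GET http://news.example.com/index.html 200 text/html
2019-08-01T10:00:03Z 10.0.0.5 GET http://constructed-tunnel.ngrok.io/?landing 200 text/html
2019-08-01T10:00:04Z 10.0.0.5 GET http://constructed-tunnel.ngrok.io/media/movie.swf 200 application/x-shockwave-flash
2019-08-01T10:05:00Z 10.0.0.9 GET http://dev-team.ngrok.io/api/health 200 application/json
2019-08-01T10:06:00Z 10.0.0.7 GET http://games.example.org/intro.swf 200 application/x-shockwave-flash
malformed line
"""

def is_tunnel_host(host):
    """True when host is a subdomain of a known tunnelling suffix."""
    host = (host or "").lower().rstrip(".")
    return any(host.endswith(suffix) for suffix in TUNNEL_SUFFIXES)

def parse_line(line):
    """Split one log line into a record; return None if it is malformed."""
    parts = line.split(None, 5)
    if len(parts) != 6:
        return None
    _ts, client, _method, url, _status, ctype = parts
    split = urlsplit(url)
    return {"client": client, "host": split.hostname,
            "path": split.path.lower(), "ctype": ctype.strip().lower()}

def hunt(log_text):
    """Return sorted (client, host, requests, severity) for tunnel traffic.

    Severity is "high" when Flash content came from the tunnel host
    (by MIME type or .swf path), otherwise "review".
    """
    findings = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_tunnel_host(rec["host"]):
            continue
        entry = findings.setdefault((rec["client"], rec["host"]), [0, False])
        entry[0] += 1
        if rec["ctype"].startswith(FLASH_MIME) or rec["path"].endswith(".swf"):
            entry[1] = True
    return sorted((c, h, n, "high" if flash else "review")
                  for (c, h), (n, flash) in findings.items())
```

Tunnel traffic without Flash content is reported as "review" rather than dropped, because developers also use such tunnels for legitimate work.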
Malware under active development
Malwarebytes researchers suggest that the threat actors behind Lord EK are making changes to the kit to spread it further. “It is still too early to say whether this exploit kit will stick around and make a name for itself. However, it is clear that its author is actively tweaking it,” wrote the researchers.
