• Four exploit kits namely GrandSoft, Rig, Fallout, and RadioEK were discovered and reported for redirecting visitors to malicious landing pages.
  • The kits are équipped with password-stealing Trojans, ransomware, and clipboard hijackers.

What's the threat?

Exploit kits contain a collection of automated threat programs to exploit known vulnerabilities in the systems or applications. The kits silently look for the vulnerabilities on the victim’s device and try to overtake the control of the device to download and install the loaded malware. The criminal group/s behind the recent malvertising campaigns were found to have similar motives.

Here are the four exploit kits that made the headlines:

  • GrandSoft for Ramnit banking trojan: The password-stealing trojan can steal victims' saved login credentials, browser history, online banking credentials, FTP accounts, site injections, and more.
  • Rig for Amadey and clipboard hijacker: The exploit kit targets the CVE-2018-8174 (Microsoft Internet Explorer VBScript Engine) and CVE-2018-15982 (Flash Player), and other vulnerabilities to infect visitors, which usually includes a link to a malware website. The hacker gains the control computer’s clipboard and can edit the content to drive the user on the malicious website.

In a separate attempt, the exploit kit installed Amadey, a trojan which is capable of stealing credentials and download and execute additional malware.

  • Fallout for clipboard hijacker: Fallout exploit kit targets the CVE-2018-15982 (Flash Player) and CVE-2018-8174 (Microsoft Internet Explorer VBScript Engine ) vulnerabilities.
  • RadioEK for Nemty Ransomware: Considered a weak malware, Nemty targets the CVE-2016-0189 vulnerability in JScript and VBScript for Internet Explorer that Microsoft patched in 2016.

The solution

To safeguard yourself from exploit kits, the easiest and effective way is to ensure the installation of the latest security updates for both OS and any software installed on the system. Every program that interacts with a web browser to add additional functionality such as PDF Readers, Adobe flash player, and others must be updated.

Cyware Publisher