Embedded ad server installs SEON Ransomware and Trojans

The ad server of a very popular video conversion website has been compromised in order to propagate malware through ads. Specifically, it delivers the GreenFlash Sundown exploit kit, which in turn installs SEON Ransomware, the Pony Trojan, and miners on a vulnerable computer.

Malwarebytes explains in a report that the hackers behind the GreenFlash Sundown exploit kit habitually compromise the ad server of an advertiser or publisher in order to spread malicious software to site visitors through ads.

Malwarebytes said it detected a malvertising campaign on a popular video conversion site called onlinevideoconverter[.]com. This site has over 200 million visitors each month.

When users visit the site to convert their videos, the ad server loads the exploit kit. It does so as follows: the ad server serves a fake GIF file that contains JavaScript, which redirects the user to the exploit kit's landing page.
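A defensive check for the delivery step described above, as an added example that is not from Malwarebytes or the original article: it walks the GIF block structure of a response body served as `image/gif` and flags bodies that are not well-formed GIFs, carry data after the trailer, or contain script-like text. The function names, the marker list and the sample bytes are assumptions constructed for this illustration.

```python
# Heuristic markers chosen for this example; not indicators from the Malwarebytes report.
SCRIPT_MARKERS = (b"<script", b"document.", b"window.location", b"eval(")
# Constructed sample: a minimal 1x1 GIF89a with nothing after the trailer.
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00" b"\x00\x00\x00\xff\xff\xff"
             b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" b"\x02\x02\x44\x01\x00\x3b")

def _table_len(flags: int) -> int:
    """Byte length of a colour table announced by a packed-flags byte."""
    return 3 * 2 ** ((flags & 0x07) + 1) if flags & 0x80 else 0

def _skip_sub_blocks(data: bytes, pos: int) -> int:
    """Skip length-prefixed sub-blocks, returning the offset after the 0x00 terminator."""
    while data[pos]:
        pos += 1 + data[pos]
    return pos + 1

def gif_end_offset(data: bytes) -> int:
    """Walk the GIF block structure; return the offset just past the trailer byte."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("bad magic")
    try:
        pos = 13 + _table_len(data[10])       # header, screen descriptor, global table
        while True:
            block = data[pos]
            if block == 0x3B:                 # trailer
                return pos + 1
            if block == 0x21:                 # extension: introducer, label, sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif block == 0x2C:               # image descriptor, local table, LZW byte
                pos = _skip_sub_blocks(data, pos + 10 + _table_len(data[pos + 9]) + 1)
            else:
                raise ValueError("unknown block type")
    except IndexError:
        raise ValueError("truncated") from None

def inspect_gif_response(body: bytes) -> list[str]:
    """Return findings for a body served as image/gif; an empty list means clean."""
    findings = []
    try:
        extra = len(body) - gif_end_offset(body)
        if extra:
            findings.append(f"{extra} bytes after GIF trailer")
    except ValueError as exc:
        findings.append(f"not a valid GIF: {exc}")
    hits = [m.decode() for m in SCRIPT_MARKERS if m in body.lower()]
    if hits:
        findings.append("script markers: " + ", ".join(hits))
    return findings

if __name__ == "__main__":
    print(inspect_gif_response(CLEAN_GIF))
```

A structural failure or trailing data is the stronger signal; the marker scan alone can match by chance inside compressed image data, so treat it as supporting evidence.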


The kit will then attempt to exploit a Flash vulnerability, and if it succeeds, it will execute a PowerShell command.

This command checks whether the computer is a virtual machine. If it is not, it installs SEON Ransomware.

In addition to SEON Ransomware, the exploit kit will also install a miner and the Pony Trojan, which steals information.

The site itself has so far made no statement on whether it knew about this security issue.

Exploit kits are often used to install ransomware

At the beginning of the year, there seemed to be a reduction in ransomware attacks. However, lately they have made a comeback and are often distributed through exploit kits.

This month alone, three different ransomware families have been distributed in this type of attack. One of the three is the ransomware described here. The other two are Buran and Sodinokibi.

Since exploit kits exploit vulnerabilities in the operating system and the installed software, it is necessary to install all updates for Windows, Flash, Java and PDF readers.

The author allows you to copy this text only if you cite the source (SecNews.gr) with an active link (live URL) to the article.