The ad server of a very popular video conversion website has been compromised in order to spread malware through ads. Specifically, it delivers the GreenFlash Sundown exploit kit, which in turn installs SEON Ransomware, the Pony Trojan, and miners on a vulnerable computer.
Malwarebytes explains in a report that the hackers behind the GreenFlash Sundown exploit kit are known for compromising the ad server of an advertiser-publisher in order to spread malicious software to site visitors through ads.
Malwarebytes said it detected a malvertising campaign on a popular video conversion site called onlinevideoconverter[.]com. This site has over 200 million visitors each month.
The kit will then attempt to exploit a Flash vulnerability, and if it succeeds, it will execute a PowerShell command.
This command will check whether the computer is a virtual machine or not. If it is not, it will install SEON Ransomware.
In addition to SEON Ransomware, the exploit kit will also install a miner and the Pony Trojan, which steals information.
The site itself has so far made no statement on whether it knew about this security issue.
Exploit kits are often used to install ransomware
At the beginning of the year, there seemed to be a reduction in ransomware attacks. However, lately they have made a comeback and are often distributed through exploit kits.
This month alone, three different pieces of ransomware have been distributed through this type of attack. One of the three is the one described here. The other two are Buran and Sodinokibi.
Since exploit kits exploit vulnerabilities in the operating system and the installed software, it is necessary to install all updates for Windows and for Flash, Java and PDF readers.