The malicious campaigns were discovered by the expert nao_sec and distributed through malvertising, which redirects visitors to pages of exploit kits. These landing pages are usually hosted on damaged sites.
When a user visits one of these sites, teased exploit kits try to take advantage of them. vulnerabilities of their browser to install a malicious program.
The GrandSoft exploit kit installs the Ramnit trojan, as discovered by nao_sec last Saturday.
Ramnit is a password theft trojan that attempts to steal stored login credentials, online bank credentials, FTP accounts, browser history and many more from its victims.
The exploit kit Rig installs Amadey and a clipboard hijacker.
Nao_sec unveiled another malware campaign on Sunday, redirecting users to the exploit kit Rig. This targets CVE-2018-15982 (Flash Player), CVE-2018-8174 (Microsoft Internet Explorer VBScript Engine) and other vulnerabilities to infect users with malware.
When nao_sec discovered this campaign, he was installing clipboard hijackers, who monitor the Windows clipboard for addresses and replace anything they find with the addresses under his control. This is used to steal money that users believe they send to legitimate addresses when making purchases.
The Fallout exploit kit installs a clipboard hijacker
Earlier today, nao_sec discovered Fallout, which targets CVE-2018-8174 (Microsoft Internet Explorer VBScript Engine) and CVE-2018-15982 (Flash Player) vulnerabilities.
Finally, nao_sec discovered another malicious campaign in the Radio exploit kit, which installs Nemty Ransomware. Nemty targets the CVE-2016-0189 vulnerability in JScript and VBScript for Internet Explorer, which Microsoft fixed for 2016.
How will you protect yourself?
In order for an exploit kit to work, it needs to identify vulnerabilities to exploit.
Therefore, your best defense is to make sure you've always installed the latest security updates, both for your operating system and for any software you have installed.
When focusing on software updates, it's important to update the programs that interact with a browser to add additional features, such as Adobe Flash, PDF Readers and similar programs.
How useful was this post?
Average rating / 5. Vote count:
No votes so far! Be the first to rate this post.