
Capesand: New exploit kit that exploits vulnerabilities in Adobe Flash and Internet Explorer

In October, Trend Micro researchers discovered a new exploit kit, which they named Capesand. The exploit kit is already being used in attacks, although it is still under development.

The researchers discovered the tool while looking at a malvertising campaign that used the RIG EK to infect victims' systems with DarkRAT and njRAT.

The analysis showed that the code of the Capesand exploit kit is quite simple.

Capesand exploits recent vulnerabilities in Adobe Flash and Internet Explorer (IE), as well as one IE vulnerability from 2015. Researchers have noted that the kit is still in development.

"In mid-October, we discovered a malvertising campaign that used the Rig exploit kit to distribute DarkRAT and njRAT malware. Towards the end of October, however, we saw a change in the campaign and redirection was no longer leading to the Rig exploit kit," Trend Micro said. "The criminals started using another kit we were not familiar with."

The malvertising campaign appeared as a blog discussing blockchain.

The researchers analyzed the site's source code and found that the attackers had copied its content with the website copying tool HTTrack and had planted a hidden iframe that loads the exploit kit.

"In case we found it, we found it to look like a very old exploit kit called Demon Hunter, something that made us believe that Capesand probably came from it," the analysis continues.

What vulnerabilities does Capesand EK exploit?

  • CVE-2018-4878 (Adobe Flash)
  • CVE-2018-8174 (Internet Explorer)
  • CVE-2019-0752 (Internet Explorer)

Another interesting feature, the researchers noted, is that the exploits are not included in the frontend EK source code package. Instead, Capesand delivers the specific exploit code by requesting it from an API server.

The researchers also discovered a version of Capesand that uses exploits for the following vulnerabilities:

  • CVE-2018-4878 (Adobe Flash)
  • CVE-2018-15982 (Adobe Flash)
  • CVE-2015-2419 (Internet Explorer)
  • CVE-2018-8174 (Internet Explorer)

In addition to the above, the criminals distribute malicious pages via "mirrored versions" of legitimate sites and use domain names that are very similar to the originals. In this way they avoid detection.
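As an added example (not from Trend Micro or the original article), the following detection sketch covers both the HTTrack-copied blog with a hidden iframe and the mirrored sites on look-alike domains described above: it flags a page that carries HTTrack's "Mirrored from" comment for a host other than the one serving it and that also embeds an invisible iframe. The sample page, host names, and the `scan` function are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# HTTrack stamps copied pages with: <!-- Mirrored from host/path by HTTrack Website Copier/3.x ... -->
HTTRACK_RE = re.compile(r"Mirrored from\s+(\S+)\s+by HTTrack Website Copier", re.I)
HIDING_CSS_RE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)|(?:left|top)\s*:\s*-\d{3,}", re.I)

class MirrorScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.mirrored_from = None   # origin recorded by HTTrack, if any
        self.hidden_iframes = []    # src of every iframe rendered invisibly

    def handle_comment(self, data):
        m = HTTRACK_RE.search(data)
        if m and self.mirrored_from is None:
            self.mirrored_from = m.group(1)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        tiny = any(a.get(d, "").strip().rstrip("px") in ("0", "1") for d in ("width", "height"))
        if tiny or "hidden" in a or HIDING_CSS_RE.search(a.get("style", "")):
            self.hidden_iframes.append(a.get("src", ""))

def scan(html, served_host):
    """Report mirror origin, host mismatch and hidden iframes for one fetched page."""
    s = MirrorScanner()
    s.feed(html)
    s.close()
    origin = re.sub(r"^[a-z]+://", "", s.mirrored_from or "", flags=re.I).split("/")[0].lower()
    mismatch = bool(origin) and origin != served_host.lower()
    return {"mirrored_from": s.mirrored_from, "host_mismatch": mismatch,
            "hidden_iframes": s.hidden_iframes,
            "suspicious": mismatch and bool(s.hidden_iframes)}

# Constructed sample: a copied blog served from a look-alike host (placeholder domains).
SAMPLE = """<html><head>
<!-- Mirrored from blog.example.com/index.html by HTTrack Website Copier/3.x [XR&CO'2014], Mon, 01 Jan 2018 00:00:00 GMT -->
</head><body><h1>Blockchain news</h1>
<iframe src="http://landing.example.net/gate" style="width:1px;height:1px;visibility:hidden"></iframe>
<iframe src="https://video.example.org/embed" width="560" height="315"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(scan(SAMPLE, "blog-examp1e.test"))
```

The HTTrack comment is trivial to strip, so a missing marker proves nothing; the check is most useful as one signal in a web proxy or crawler pipeline alongside domain-similarity scoring.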

Absent Mia