• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Search results for: Angler Exploit Kit

Down but Not Out: A Look Into Recent Exploit Kit Activities

  • Posted on:July 2, 2018 at 6:48 am
  • Posted in:Bad Sites, Exploits, Malware, Vulnerabilities
  • Author:
    Trend Micro
0

Exploit kits may be down, but they’re not out. While they’re still using the same techniques that involve malvertisements or embedding links in spam and malicious or compromised websites, their latest activities are making them significant factors in the threat landscape again. This is the case with Rig and GrandSoft, as well as the private exploit kit Magnitude — exploit kits we found roping in relatively recent vulnerabilities to deliver cryptocurrency-mining malware, ransomware, botnet loaders, and banking trojans.

Read More
Tags: CVE-2018-8174exploit kitsGrandSoft Exploit KitMagnitude exploit kitrig exploit kit

Rig Exploit Kit Now Using CVE-2018-8174 to Deliver Monero Miner

  • Posted on:May 31, 2018 at 5:01 am
  • Posted in:Bad Sites, Exploits, Malware, Vulnerabilities
  • Author:
    Trend Micro
0

An exploit kit such as Rig usually starts off with a threat actor compromising a website to inject a malicious script/code that eventually redirects would-be victims to the exploit kit’s landing page. Sometime around February to March last year, however, we saw Rig’s Seamless campaign adding another layer or gate before the actual landing page.

Along with updates in code, we also observed Rig integrating a cryptocurrency-mining malware as its final payload. Based on the latest activities we’ve observed from Rig, they’re now also exploiting CVE-2018-8174, a remote code execution vulnerability patched in May and reported to be actively exploited. The exploit also appears to be from a recently disclosed proof of concept. The security flaw affects systems running Windows 7 and later operating systems, and the exploit works through Internet Explorer (IE) and Microsoft Office documents that use the vulnerable script engine.

Read More
Tags: cryptocurrency minerCVE-2018-4878Internet ExplorerMonerorig exploit kit

New Disdain Exploit Kit Detected in the Wild

  • Posted on:August 17, 2017 at 12:38 am
  • Posted in:Exploits
  • Author:
    Trend Micro
0

The exploit kit landscape has been rocky since 2016, and we’ve observed several of the major players—Angler, Nuclear, Neutrino, Sundown—take a dip in operations or go private. New kits have popped up sporadically since then, sometimes revamped from old sources, but none have really gained traction. Despite that fact, cybercriminals continue to develop more of them.

On August 9, we detected a new exploit kit in the wild, being distributed through a malvertising campaign. With additional analysis of the code and activity, we can confirm that it is the Disdain exploit kit, which started to advertise their services in underground forums starting August 8. We found the “disdain” keyword contained in its JavaScript code.

Read More
Tags: exploit kit

Will Astrum Fill the Vacuum in the Exploit Kit Landscape?

  • Posted on:May 18, 2017 at 7:40 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Joseph C Chen (Fraud Researcher)
0

The decline of exploit kit activity—particularly from well-known exploit kits like Magnitude, Nuclear, Neutrino, and Rig during the latter half of 2016—doesn’t mean exploit kits are throwing in the towel just yet. This is the case with Astrum (also known as Stagano), an old and seemingly reticent exploit kit we observed to have been updated multiple times as of late.

Astrum’s recent activities feature several upgrades and shows how it’s starting to move away from the more established malware mentioned above. It appears these changes were done to lay the groundwork for future campaigns, and possibly to broaden its use. With a modus operandi that deters analysis and forensics by abusing the Diffie-Hellman key exchange, it appears Astrum is throwing down the gauntlet.

Read More
Tags: Astrumdiffie-hellmanexploit kit

Tracking the Decline of Top Exploit Kits

  • Posted on:February 14, 2017 at 5:09 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Giannina Escueta (Technical Communications)
0

The latter half of 2016 saw a major shift in the exploit kit landscape, with many established kits suddenly dropping operations or switching business models. As we discussed in our 2016 Security Roundup, Angler, which has dominated the market since 2015, suddenly went silent. We tracked 3.4 million separate Angler attacks on our clients in…

Read More
Page 2 of 12 ‹ 123 › »

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, MĂŠxico
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, EspaĂąa, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.