Categories: Ad Guardian PlusNews

Malvertising campaign distributed an exploit kit

A malvertising campaign exploited a fake advertisement and exposed users to the new Capesand exploit kit. The Capesand exploit kit operates by delivering malicious payload to the victim’s computer.

The malvertising campaign that presented users with a fake blog post talking about blokchain was discovered by Trend Micro in October. The page, copied by the attackers using a HTTrack utility, had a hidden iframe that loaded the RIG exploit kit. The RIG exploit kit starts with a threat actor that compromises a website. Then, it inject malicious code that redirects the victims to the landing page of the explot. It is usually spread via suspicious advertisments inserted into legitimate websites.The threat searched for vulnerabilities that it could exploit to distribute samples of DarkRAT and njRAT malware.

Then, researchers saw the iframe changed to load landing.php. Thus, they discovered Capesand hosted on the same server. The new exploit kit could abuse newer vulnerabilities like CVE-2018-4878 (Adobe Flash Player flaw), but also CVE-2018-8174 and CVE-2019-0752 (both affecting Microsoft Internet Explorer). They also discovered that Capesand’s source code didn’t include the actual exploits. So, the exploit kit had to send a request to the API (Application Programing Interface) of its server to receive an exploit payload.

DarkRAT is a type of malware bot that may download and execute additional malware. It receives commands from a control server and sends sensitive data back to it. It can update or delete itself, steel login and password information or logging keystrokes. Also, it can participate in a Distributed Denial of Service (DdoS) attack, lock and encrypt contents from the victim’s computer. Then it’s asking for a payment in order for the return.

njRAT (or Bladabindi) is a Remote Access Trojan or Trojan which allows the holder of the program to control the end user’s computer.

It’s all about security

Organisations can defend against RIG, Capesand or other exploit kits by using security information and event management (SIEM) data. Thus, they can learn the context of services affected by certain software vulnerabilities. Also, companies need to prioritize vulnerabilities, in order to create a patching schedule, aligned with their needs and risks.

Laurentiu Titei

Recent Posts

Fixed: “Your Device is Missing Important Security and Quality Fixes” Error

Are you worried about malware infections, system instability, performance issues, and failure to run new…

1 hour ago

Download Driver Canon iP2770 and Install on Windows 11/10

Despite being discontinued, the Canon iP2770 is still a user favorite energy-efficient inkjet printer with…

24 hours ago

Fix the Ubotie Keyboard Not Working Problem with Easy Steps

Ubotie is a renowned electronics brand. It offers a range of computer peripheral devices, including…

1 day ago

Epson LX 310 Driver Download and Update on Windows 11/10

Epson LX 310 is a dot matrix printing machine offering the best-in-class print quality. While…

2 days ago

Roxio Video Capture USB Driver Download with Easy Steps

Is Windows unable to recognize your Roxio Video Capture USB device? Then, it may be…

2 days ago

Download Kyocera Printer Driver Easily for Windows 11/10

Kyocera is a renowned printer brand for its reliability, high-quality printing in large volumes, and…

2 days ago