The Hacker News - Cybersecurity News and Analysis: Angler Exploit Kit

Malvertising Campaign Hits Top Websites to Spread Ransomware

March 18, 2016 | Unknown
Hackers are always in search of an elite method to create loopholes in cyberspace to implement the dark rules in the form of vulnerability exploitation. Top trustworthy sites such as The New York Times, BBC, MSN, AOL and many more are on the verge of losing their face value as a malvertising campaign is looming around the websites, according to SpiderLabs. Here's What Happens to Users When Clicking Ads on These Big Brand Sites: The advertisements on the legit sites trick users into clicking on them, making them believe that these circulated ads come from trusted networks. Once clicked, the malicious ad redirects the user to a malicious website that hosts the Angler Exploit Kit (AEK) to infect visitors by installing malware and ransomware on their computers. Angler Exploit Kit includes many malicious hacking tools and zero-day exploits that let hackers execute drive-by attacks on visitors' computers. In this case, the Angler kit scan
ALERT: This New Ransomware Steals Passwords Before Encrypting Files

December 04, 2015 | Swati Khandelwal
You should be very careful while visiting websites on the Internet because you could be hit by a new upgrade to the world's worst exploit kit – Angler, which lets hackers develop and conduct their own drive-by attacks on visitors' computers with relative ease. Many poorly-secured websites are targeting Windows users with a new "Cocktail" of malware that steals users' passwords before locking them out of their machines for ransom. Yes, stealing Windows users' passwords before encrypting their data and locking their PCs for ransom makes this upgrade to the Angler Exploit Kit nastier. Here's How the New Threat Works: Once the Angler exploit kit finds a vulnerable application, such as Adobe Flash, on a visitor's computer, the kit delivers its malicious payloads, according to a blog post published by Heimdal Security. The First Payload infects the victim's PC with a widely used data thief exploit known as Pony that systematic
Cisco Takes Down Ransomware Operation Generating $30 Million in Revenue For Hackers

October 07, 2015 | Swati Khandelwal
This will blow the minds of every single cyber criminal group out there – Researchers have discovered a group of hackers that is making an estimated $30 Million a year from their online criminal operation. Yes, $30 MILLLLLLION annually. Researchers from cyber security firm Cisco announced that they discovered a large ransomware campaign connected to the Angler Exploit Kit, one of the most potent exploit kits available in the underground market for hacking into computers. Researchers noticed that a large percentage of infected users were connecting to servers belonging to hosting provider Limestone Networks. After digging deeper, they estimated that a single hacker or a group of hackers is targeting up to 90,000 end users a day. Here are some estimates by Cisco researchers after investigating the operation:
- Life of an Angler exploit server is one day
- Around 3600 users are compromised per day by ransomware
- 3% of targets paid the average ransom demand of
Angler Exploit Kit Uses Domain Shadowing technique to Evade Detection

March 05, 2015 | Swati Khandelwal
The world's infamous Angler Exploit Kit has become the most advanced, most powerful and best exploit kit available in the market, beating the infamous BlackHole exploit kit, with a host of exploits including zero-days and a new technique added to it. Angler Exploit Kit's newest technique is dubbed "Domain Shadowing", which is considered to be the next evolution of online crime. Domain Shadowing, which first appeared in 2011, is the process of using users' domain registration logins to create subdomains. WHAT IS DOMAIN SHADOWING? With the help of the Domain Shadowing technique used in a recent Angler campaign, attackers are stealing domain registrant credentials to create tens of thousands of sub-domains that are used in hit-and-run style attacks in order to either redirect victims to the attack sites, or serve them malicious payloads. Security researcher Nick Biasini of Cisco's Talos intelligence team analysed the campaign and said the "massive"
Adobe Releases Emergency Flash Player Update to Address Critical Vulnerability

November 26, 2014 | Mohit Kumar
Adobe has rolled out an urgent out-of-band update for a critical remote code-execution vulnerability in its popular Flash Player that is currently being exploited by hackers. The critical vulnerability (CVE-2014-8439) in Flash Player for Windows, Mac and Linux was originally mitigated more than a month ago in the October 14, 2014 patch release, but French researcher Kafeine found exploits for it in the Angler and Nuclear malware kits after Adobe released a patch, according to security vendor F-Secure. "The vulnerability is being exploited in blind mass attack. No doubt about it: the team behind Angler is really good at what it does," Kafeine said in a blog post. The vulnerability allows an attacker to execute arbitrary code due to a weakness in the way a dereferenced pointer to memory is handled. An attacker could serve a specially crafted Flash file to trigger the vulnerability, which would lead to the execution of attacker's code in order to take control
Malicious Advertisements Found on Java.com, Other High-Profile Sites

August 29, 2014 | Swati Khandelwal
AppNexus, a New York-based online ad network company that provides a platform specializing in real-time online advertising, has again been spotted as the origin of a recent "malvertising" campaign that makes use of the Angler Exploit Kit to redirect visitors to malicious websites hosting the Asprox malware. AppNexus servers process 16 billion ad buys per day, making it the biggest reach on the open web after Google. Back in May, AppNexus was serving malicious ads targeting Microsoft's Silverlight platform. The world's largest Internet Video Subscription service Netflix runs on Silverlight, and because of its popularity, hackers have been loading exploit kits with Silverlight. As part of this campaign, users of several high-profile websites including Java.com, Deviantart.com, TMZ.com, Photobucket.com, IBTimes.com, eBay.ie, Kapaza.be and TVgids.nl were last week redirected to websites serving malicious advertisements that infected visitors by installing botnet ma
Critroni - File Encrypting Ransomware out in the Wild

July 21, 2014 | Swati Khandelwal
A new ransomware from the Crypto-Ransomware family has been detected by a security researcher; it has been sold in different underground forums since last month and was recently included in the Angler exploit kit. The latest ransomware, given the name "Critroni", includes a number of odd features that make it out of the ordinary and, according to the researchers, it's the first ever Crypto ransomware seen that uses the Tor anonymizing network for command and control to conceal its communication. According to a detailed analysis of the ransomware threat by a French security researcher who uses the handle Kafeine, the Critroni ransomware is being sold for around $3,000 in black forums and has recently been used by a large number of attackers, including those who use the Angler exploit kit to drop a Spambot on victims' computers. "Placing a server in onion-domain (TOR), close to domain abuse can not be practically impossible to trace the owner and shutdown the
Netflix Users Targeted by Microsoft Silverlight Exploits

May 21, 2014 | Mohit Kumar
Netflix, the world's largest Internet Video Subscription service with more than 35.7 million customers in the U.S. alone, which runs on the Microsoft Silverlight platform, has now become a popular target for cybercriminals, as public awareness of Java and Flash flaws is increasing. Silverlight is Microsoft's plug-in for streaming media on browsers, similar to Adobe Flash Player, that handles multimedia content on Microsoft Windows and Mac OS X web browsers, and is popularly known for being used in Netflix's streaming video service. But Netflix isn't the only service that works on Silverlight; many other multimedia services support Silverlight. Malware and Exploit Kit developers are targeting Silverlight users as they aren't aware of the increasing proliferation of malware for the platform. Silverlight vulnerabilities are mostly exploited using drive-by download attacks to compromise victims' computers with malware, especially through malicious ads. A recent