#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

exploit kit | Breaking Cybersecurity News | The Hacker News

Researchers Share New Insights Into RIG Exploit Kit Malware's Operations

Researchers Share New Insights Into RIG Exploit Kit Malware's Operations

Feb 27, 2023 Threat Intelligence
The RIG exploit kit (EK) touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT  said  in an exhaustive report shared with The Hacker News. "Although it has yet to substantially change its exploits in its more recent activity, the type and version of the malware they distribute constantly change. The frequency of updating samples ranges from weekly to daily updates." Exploit kits are programs used to distribute malware to large numbers of victims by taking advantage of known security flaws in commonly-used software such as web browsers. The fact that  RIG EK  runs as a service model means threat actors can financially compensate the RIG EK administrator for installing malware of their choice on victim machines. The RIG EK operators primarily employ malvertising to ensure a high infection rate and large-scale
New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer

New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer

Apr 28, 2022
A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan. "When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN logins) to a remote command and control server," Bitdefender  said  in a new report shared with The Hacker News. Most of the infections are located in Brazil and Germany, followed by the U.S., Egypt, Canada, China, and Poland, among others. Exploit kits or exploit packs are comprehensive tools that contain a collection of exploits designed to take advantage of vulnerabilities in commonly-used software by scanning infected systems for different kinds of flaws and deploying additional malware. The primary infection method used by attackers to distribute exploit kits, in this case the
Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait

Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait

Mar 18, 2020
As the world comes to grips with the coronavirus pandemic , the situation has proven to be a blessing in disguise for threat actors, who've taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to a new report published by Check Point Research today and shared with The Hacker News, hackers are exploiting the COVID-19 outbreak to spread their own infections, including registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware in the dark web. "Special offers by different hackers promoting their 'goods' — usually malicious malware or exploit tools — are being sold over the darknet under special offers with 'COVID19' or 'coronavirus' as discount codes, targeting wannabe cyber-attackers," the cybersecurity firm said. COVID-19 Discounts: Exploit Tools for Sale The report comes following an uptick in the number of malicious coronavirus-related domains that hav
cyber security

Protecting Your Organization From Insider Threats - All You Need to Know

websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.
What's the Right EDR for You?

What's the Right EDR for You?

May 10, 2024Endpoint Security / Threat Detection
A guide to finding the right endpoint detection and response (EDR) solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints. This is why endpoint detection and response (EDR) solutions now serve as critical weapons in the fight, empowering you and your organization to detect known and unknown threats, respond to them quickly, and extend the cybersecurity fight across all phases of an attack.  With the growing need to defend your devices from today's cyber threats, however, choosing the right EDR solution can be a daunting task. There are so many options and features to choose from, and not all EDR solutions are made with everyday businesses and IT teams in mind. So how do you pick the best solution for your needs? Why EDR Is a Must Because of
Russia proposes 10 Year in Prison Sentence for Hackers and Malware Authors

Russia proposes 10 Year in Prison Sentence for Hackers and Malware Authors

Dec 08, 2016
The Russian government has introduced a draft bill that proposes prison sentences as punishment for hackers and cyber criminals creating malicious software used in targeting critical Russian infrastructure, even if they have no part in actual cyber attacks. The bill, published on the Russian government's website on Wednesday, proposes amendments to the Russian Criminal Code and Criminal Procedure Code with a new article titled, "Illegal influence upon the critical informational infrastructure of the Russian Federation." The article introduces punishment for many malicious acts, including the "creation and distribution of programs or information, which can be used for the destruction, blocking or copying data from the Russian systems." When suspects found as part of any hacking operation, they will face a fine between 500,000 and 1 Million rubles (about $7,700 to $15,400) and up to five years in prison, even if the hacking causes little or no harm. Also R
Hacking Millions with Just an Image — Recipe: Pixels, Ads & Exploit Kit

Hacking Millions with Just an Image — Recipe: Pixels, Ads & Exploit Kit

Dec 07, 2016
If you have visited any popular mainstream website over the past two months, your computer may have been infected — Thanks to a new exploit kit discovered by security researchers. Researchers from antivirus provider ESET released a report on Tuesday stating that they have discovered an exploit kit, dubbed Stegano , hiding malicious code in the pixels of banner advertisements that are currently in rotation on several high profile news websites. Stegano originally dates back to 2014, but since early October this year, cyber crooks had managed to get the malicious ads displayed on a variety of unnamed reputable news websites, each with Millions of daily visitors. Stegano derived from the word Steganography , which is a technique of hiding messages and content inside a digital graphic image, making the content impossible to spot with the naked eye. In this particular malvertising campaign, operators hide malicious code inside transparent PNG image's Alpha Channel, which def
Malvertising Campaign Hits Top Websites to Spread Ransomware

Malvertising Campaign Hits Top Websites to Spread Ransomware

Mar 18, 2016
Hackers are always in search for an elite method to create loopholes in the cyberspace to implement the dark rules in the form of vulnerability exploitation. Top Trustworthy sites such as The New York Times , BBC , MSN , AOL and many more are on the verge of losing their face value as a malwertized advertisement campaign are looming around the websites, according to SpiderLabs. Here's what Happens to Users when Clicking Ads on these Big Brand Sites: The advertisements on the legit sites trick users into clicking on it, making them believe that these circulated ads come from a trusted networks. Once clicked, the malicious Ad redirects the user to a malicious website that hosts Angler Exploit Kit (AEK) to infect visitors by installing malware and ransomware on their computer. Angler Exploit Kit includes many malicious hacking tools and zero-day exploits that let hackers execute drive-by attacks on visitors' computers. In this case, the Angler kit scan
Hackers Install Free SSL Certs from Let's Encrypt On Malicious Web Sites

Hackers Install Free SSL Certs from Let's Encrypt On Malicious Web Sites

Jan 07, 2016
Who else didn't see this coming? It was so obvious as I stressed earlier that the  Let's Encrypt free HTTPS certificates would not just help legitimate website operators to encrypt its users' traffic, but also help criminals to bother innocent users with malware through secure sites. Let's Encrypt allows anyone to obtain free SSL/TLS ( Secure Socket Layer/Transport Layer Security ) certificates for their web servers that encrypt all the Internet traffic passed between a server and users. Let's Encrypt is recognized by all major browsers, including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. The organization started offering Free HTTPS certs to everyone from last month, and it is very easy for anyone to set up an HTTPS website in a few simple steps ( How to Install Free SSL Cert ). However, the most bothersome part is that Let's Encrypt free SSL certs are not only used by website owners to secure its
AOL Advertising Network Abused to Distribute Malware

AOL Advertising Network Abused to Distribute Malware

Jan 07, 2015
Security researchers have uncovered a malvertising campaign used to distribute malware to visitors of The Huffington Post website, as well as several other sites, through malicious advertisements served over the AOL  advertising  network . At the end of last year, Cyphort Labs, security firm specialized in detecting malware threats, came across some malicious advertisements that were being served on the United States and Canadian versions of the popular news website The Huffington Post . The malicious advertisements eventually redirected visitors of the news website to other websites hosting exploit kits, in order to attack victims' computers and install malware. Researchers discovered that the malvertising campaign originates with ads being served by AOL's Advertising.com network. Once clicked, users are redirected through a series of redirects, some of which used HTTPS encrypted connections, to a page that served either the Neutrino Exploit Kit or the Sweet Orange E
Adobe Releases Emergency Flash Player Update to Address Critical Vulnerability

Adobe Releases Emergency Flash Player Update to Address Critical Vulnerability

Nov 26, 2014
Adobe has rolled-out an urgent out-of-band update for a critical remote code-execution vulnerability in its popular Flash Player that is currently being exploited by hackers. The critical vulnerability ( CVE 2014-8439 ) in Flash Player for Windows, Mac and Linux was originally mitigated more than a month ago in October 14, 2014 patch release, but a French researcher Kafeine found its exploits in the Angler and Nuclear malware kits after Adobe released a patch, according to security vendor F-Secure. " The vulnerability is being exploited in blind mass attack. No doubt about it : the team behind Angler is really good at what it does ," Kafeine said in a blog post . The vulnerability allows an attacker to execute arbitrary code due to a weakness in the way a dereferenced pointer to memory is handled. An attacker could serve a specially crafted Flash file to trigger the vulnerability, which would lead to the execution of attacker's code in order to take control
Tracy Morgan Dead? Facebook Scam Targeting Users with Malware

Tracy Morgan Dead? Facebook Scam Targeting Users with Malware

Jun 28, 2014
Oh MY God! Is Tracy Morgan Really Dead? NO, Thankfully it's only a hoax, but scammers announced the popular comedian and actor Tracy Morgan dead. Another Facebook scam is circulating across the social networking website just a day before the former " Saturday Night Live " and " 30 Rock " star Tracy Morgan was critically hurt in a six-vehicle fatal accident on the New Jersey Turnpike that killed his friend and writer 62-year-old James McNair. With the rise in various scams on the popular social networking giant, Facebook that has more than one billion active users, it became very clear that not only does the social networking platform provide special opportunities for people to connect and share information, but serves as a great platform for scammers as well. TOTAL SCAM LEADS TO MALWARE Scammers spare no incident to target as many victims as possible, and this time they made use of this roadway accident to target users by spreading the fake Facebook videos proclaimin
Zeus Alternative Pandemiya Banking Malware For Sale in Underground Forums

Zeus Alternative Pandemiya Banking Malware For Sale in Underground Forums

Jun 13, 2014
A new and relatively rare Zeus Trojan  program has found which is totally different from other banking Trojans and has capability to secretly steal data from forms, login credentials and files from the victim as well as can create fake web pages and take screenshots of victim's computer. Researchers at RSA Security's FraudAction team have discovered this new and critical threat, dubbed as ' Pandemiya ', which is being offered to the cyber criminals in underground forums as an alternative to the infamous Zeus Trojan and its many variants, that is widely used by most of the cyber-criminals for years to steal banking information from consumers and companies. The source code of the Zeus banking Trojan is available on the underground forums from past few years, which lead malware developers to design more sophisticated variants of Zeus Trojan such as Citadel, Ice IX and Gameover Zeus . But, Pandemiya is something by far the most isolated and dangerous piece of malware
Cryptowall Ransomware Spreading Rapidly through Malicious Advertisements

Cryptowall Ransomware Spreading Rapidly through Malicious Advertisements

Jun 06, 2014
Ransomware is an emerging threat in the evolution of cybercriminals techniques to part you from your money. Typically, the malicious software either lock victim's computer system or encrypt the documents and files on it, in order to extort money from the victims. Though earlier we saw the samples of Ransomware tended to be simple with dogged determinations to extort money from victims. But with the exponential rise in the samples of Ransomware malwares, the recent ones are more subtle in design, including Cryptolocker , Icepole , PrisonLocker , CryptoDefense and its variants. Now, the ransomware dubbed as Crytowall , a latest variant of the infamous ransomware Cryptolocker is targeting users by forcing them to download the malicious software by through advertising on the high profile domains belonging to Disney, Facebook, The Guardian newspaper and others. Cryptolocker is designed by the same malware developer who created the sophisticated CryptoDefense ( Trojan.Crypt
Netflix Users Targeted by Microsoft Silverlight Exploits

Netflix Users Targeted by Microsoft Silverlight Exploits

May 21, 2014
Netflix, the world's largest Internet Video Subscription service with more than 35.7 million customers in U.S alone, that runs on the Microsoft Silverlight platform, has now become a popular target for cybercriminals, as public awareness of Java and Flash flaws is increasing. Silverlight is a Microsoft's plug-in for streaming media on browsers, similar to Adobe Flash Player , that handles multimedia contents on Microsoft Windows and Mac OS X Web Browsers, and is popularly known for being used in Netflix's streaming video service. But, Netflix isn't the only service that works on Silverlight, many other multimedia services supports Silverlight. Malware and Exploit Kit developers are targeting Silverlight users as they aren't aware of the increasing proliferation of malware for the platform. Silverlight vulnerabilities are mostly exploited using drive-by download attacks to compromise victim's computers with malware, especially through malicious ads. A recent
Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest

Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest

Feb 27, 2014
Today, when we come across various malware, exploit kits and botnets that are in the wild, we think about an effective Antivirus solution or a Security Patch, but the most effective solution is always " The arrest of malware authors and culprits who are involved in the development of Malware. " Tilon has been an active malware family that was spotted first time in 2012, was specially designed to filch money from online bank accounts, that earlier various researchers found to be the new version of Silon , is none other than the SpyEye2 banking Trojan , according to researchers at security firm  Delft Fox-IT . Tilon  a.k.a  SpyEye2 is the sophisticated version of SpyEye Trojan . Majority functional part of the malware is same as of the SpyEye banking Trojan that was developed by a 24-year-old Russian hacker ' Aleksandr Andreevich Panin ' or also known as  Gribodemon , who was arrested in July 2013. ' SpyEye ', infected more than 1.4 million Computers
Yahoo Ad Network abused to redirect users to malicious websites serving Magnitude Exploit Kit

Yahoo Ad Network abused to redirect users to malicious websites serving Magnitude Exploit Kit

Jan 05, 2014
Internet advertisement networks provide hackers with an effective venue for targeting wide range computers through malicious advertisements. Previously it was reported by some security researchers that Yahoo's online advertising Network is one of the top ad networks were being abused to spread malware by cyber criminals . Recent report published by Fox-IT, Hackers are using Yahoo's advertising servers to distribute malware to hundreds of thousands of users since late last month that affecting thousands of users in various countries. " Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious ," the firm reported . More than 300,000 users per hour were being redirected to malicious websites serving 'Magnitude Exploit Kit', that exploits vulnerabilities in Java and installs a variety of different malware i.e. ZeuS Andromeda Dorkbot/Ngrbot Advertisement clicking malware Tinba/Zusy Necurs "
Cybersecurity
Expert Insights
Cybersecurity Resources