An APT group is using a new Flash Player zero-day that was used in a lure targeting a Russian-based clinic.
Browser update? Do not trust, and do verify before downloading potential malware.
Keeping up with twists and turns on the exploit kit scene, we examine a new redirection mechanism to Neutrino EK which adds fingerprinting way up the infection chain by crafting a special Flash file and uploading it on compromised hosts. This ensures proper filtering of undesirable traffic even before the gate to the exploit kit.
Since the disappearance of Angler EK, exploit kit activity is at one of the lowest levels it has been in a long time. The focus is therefore on Neutrino EK, which has somewhat picked up the pieces, although at a much lower rate. In this post we look at a change recently noticed with the Flash exploit Neutrino uses, which now includes fingerprinting of the user’s machine.
A well-known malvertising gang famous for its use of the fingerprinting technique and other evasion tricks to bypass security checks has been ramping up its activity against many different ad platforms to push malware via top websites. The setup for these malvertising attacks relies on a combination of techniques that start with the fraudulent advertiser choosing a victim, typically a legitimate website in the retail or legal business.
Ransomware is being dropped in a large ongoing malvertising attack via Nuclear EK.
This AdXpansion advert has a double purpose and that is to exploit your computer.
Trusting Flash-based ads has never been harder when they bundle nasty code.