We take a look at a prolific campaign that is focused on the distribution of coin miners via drive-by download attacks. We started to notice larger-than-usual payloads from the RIG exploit kit around November 2017, a trend that has continued more recently via a campaign dubbed Ngay.
In this post we take a look at a malvertising campaign that we traced back to late August and that is targeting adult traffic. While initially pushing the Neutrino exploit kit, it switched to RIG EK in September. We estimate that at least one million visitors to adult websites were exposed to this particular campaign.
In this post we take a quick glance at some changes made to the Sundown exploit kit. The landing page has been tweaked and uses various obfuscation techniques. Sundown is used in some smaller campaigns and in this particular case dropped a downloader followed by a banking Trojan.