Malsmoke operators abandon exploit kits in favor of social engineering scheme
Threat actors behind malsmoke, one of the largest malvertising campaigns we’ve seen in recent months, have switched malware delivery tactics.
Domen toolkit gets back to work with new malvertising campaign
We describe the latest malvertising campaign that uses Domen, an advanced social engineering toolkit.
Exploit kits: fall 2018 review
With a fresh exploit kit in town, the drive-by download landscape shows new signs of life in fall 2018.
Fake Spectre and Meltdown patch pushes Smoke Loader malware
German users are being targeted with a rogue patch for the recently announced Meltdown and Spectre flaws.
Terror exploit kit goes HTTPS all the way
A look at some techniques used by the Terror exploit kit to evade traffic-based detection.
New-looking Sundown EK drops Smoke Loader, Kronos banker
In this post we take a quick glance at some changes made to the Sundown exploit kit. The landing page has been tweaked and uses various obfuscation techniques. Sundown is used in some smaller campaigns and in this particular case dropped a downloader followed by a banking Trojan.
Smoke Loader – downloader with a smokescreen still alive
This time we will have a look at another payload from a recent RIG EK campaign. It is Smoke Loader (also known as Dofoil), a bot created several years ago. One of its early versions was advertised on the black market in 2011.