During the past few days we have noticed a higher-than-usual number of malvertising attacks pushing the Magnitude exploit kit – which had been relatively quiet – to drop ransomware.
Magnitude EK is one of those exploit kits we don’t hear about as much as others such as Angler EK or Nuclear EK. Its unique URL pattern makes it easy to spot amid the clutter of network traffic captures because it uses chained subdomains, typically ending in a shady top-level domain (TLD) like pw (Palau, a Pacific island).
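The URL pattern described above can be turned into a simple triage filter for proxy logs. The following is an added example, not code from the original post: the log format, the sample lines, the `WATCHED_TLDS` list and the `MIN_SUBDOMAIN_LABELS` threshold are all assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example (not values taken from the article):
WATCHED_TLDS = {"pw"}       # the article names pw as a typical ending
MIN_SUBDOMAIN_LABELS = 3    # hypothetical cut-off for "chained" subdomains

# Constructed sample proxy log lines: "<client-ip> <method> <url>"
SAMPLE_LOG = """\
10.0.0.5 GET http://www.example.com/index.html
10.0.0.5 GET http://a1b2.c3d4.e5f6.example.pw/?3f9a
10.0.0.7 GET http://news.example.pw/story
10.0.0.9 GET http://cdn.static.assets.example.org/app.js
10.0.0.9 GET http://x9.y8.z7.w6.example.pw/
"""

def host_labels(url):
    """Return the lowercase DNS labels of the URL's host, or [] if unparsable."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return []
    return [label for label in host.rstrip(".").split(".") if label]

def is_suspicious(url):
    """True when the host ends in a watched TLD and has a long subdomain chain."""
    labels = host_labels(url)
    if len(labels) < 2 or labels[-1] not in WATCHED_TLDS:
        return False
    # Labels left of the registered name (assumes a two-label registered domain).
    return len(labels) - 2 >= MIN_SUBDOMAIN_LABELS

def flag_log(log_text):
    """Return (client, host) pairs for log lines that match the heuristic."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _method, url = parts
        if is_suspicious(url):
            hits.append((client, ".".join(host_labels(url))))
    return hits

if __name__ == "__main__":
    for client, host in flag_log(SAMPLE_LOG):
        print(f"{client} -> {host}")
```

A match is only a lead for review: legitimate sites can use deep subdomains, so tune the threshold and TLD list against your own traffic.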
Some of the ad networks involved in this malvertising campaign include:
- Propeller Ads Media
CryptoWall was dropped via two separate malware binaries. Malwarebytes Anti-Exploit users were protected against Magnitude EK and never got to see the malware payload.