Over the weekend and into today, four different malvertising campaigns have been redirecting users to exploit kits that install password stealing Trojans, ransomware, and clipboard hijackers.
All four of these campaigns were discovered by exploit kit expert nao_sec and are being distributed through malvertising that redirect visitors to the exploit kits landing pages. These landing pages are typically hosted on hacked sites.
Once a user visits the site, the kit's scripts will attempt to exploit vulnerabilities in the visitor's browser to automatically download and install malware without the user's knowledge.
GrandSoft exploit kit installs the Ramnit banking trojan
On Saturday, nao_sec saw the GrandSoft exploit kit pushing the Ramnit banking trojan.
Ramit is a password stealing trojan that attempts to steal victims saved login credentials, online banking credentials, FTP accounts, browser history, site injections, and more.
GrandSoft pushing Ramnit
Rig exploit kit pushes Amadey and a clipboard hijacker
On Sunday, nao_sec continued to see exploit kit activity in the form of a popcash malvertising campaign redirecting users to the Rig exploit kit. This exploit kit targets the CVE-2018-15982 (Flash Player), CVE-2018-8174 (Microsoft Internet Explorer VBScript Engine ), and other vulnerabilities to infect visitors with malware.
Vis ..
Support the originator by clicking the read the rest link below.
