HackRead

New Ransomware Exploit Kit Blends with Credential Theft Ability

December 5th, 2015 Waqas Malware, Security 0 comments

A new campaign has come to light that spreads CryptoWall 4.0, a file-encrypting ransomware program, via the Angler exploit kit by inserting malicious code into hacked web pages.

The campaign, exposed by Denmark-based IT security firm Heimdal Security, involves installing several pieces of malware on the already compromised computer.

Initially, the notorious data stealer Pony is installed; it harvests all usable usernames and passwords present on the system and sends them to command-and-control (C&C) servers run by the attackers.

The aim is to abuse legitimate access credentials for CMS systems and web servers. Malicious script is then injected into those websites to give the campaign the widest possible distribution.

In the next phase, the drive-by campaign unfolds: the victim is redirected from the legitimate but compromised website to a series of dedicated malicious domains, which serve the Angler Exploit Kit.

Once loaded, the Angler Exploit Kit scans for vulnerabilities in popular third-party software and in insecure Microsoft Windows processes, in case the user hasn’t updated the system.

According to the blog post:

  • The campaign is carried out by installing a cocktail of malware on the compromised PC. The first payload consists of the notorious data thief Pony, which systematically harvests all usable usernames and passwords from the infected system and sends them to a series of Control & Command servers controlled by the attackers.
  • The purpose of this action is to abuse legitimate access credentials to web servers and CMS systems used by websites and to inject the malicious script in these websites so that the campaign achieves the largest possible distribution.
  • In the second phase, the drive-by campaign unfolds via the victim being moved from the legitimate website, which has been compromised, to a heap of dedicated domains which drop the infamous Angler exploit kit.
  • The Angler exploit kit will then scan for vulnerabilities in popular third party software and in insecure Microsoft Windows processes, if the system hasn’t been updated. Once the security holes are identified, Angler will exploit them and force-feed CryptoWall 4.0 into the victim’s system.
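The stage a site owner can watch for is the one where stolen CMS or web-server credentials are used to plant a redirect script in otherwise legitimate pages. The following added example (not Heimdal's or HackRead's code) diffs a page against a known-good copy and reports newly introduced external script/iframe hosts and inline scripts; the sample pages and the `example.invalid` hosts are constructed placeholders.

```python
# Added example: baseline-vs-current page diff to spot injected script/iframe references.
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class _RefCollector(HTMLParser):
    """Collect external script/iframe hosts and SHA-256 hashes of inline scripts."""
    def __init__(self):
        super().__init__()
        self.external, self.inline = set(), set()
        self._in_script, self._buf = False, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        host = urlparse(a.get("src") or "").netloc.lower()
        if tag in ("script", "iframe") and host:
            self.external.add(host)          # third-party loader or hidden frame
        if tag == "script" and not a.get("src"):
            self._in_script, self._buf = True, []
    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._buf).strip()
            if body:
                self.inline.add(hashlib.sha256(body.encode()).hexdigest())

def profile(html):
    p = _RefCollector()
    p.feed(html)
    p.close()
    return p.external, p.inline

def find_injections(baseline_html, current_html):
    """Return (new external hosts, new inline-script hashes) absent from the known-good copy."""
    base_ext, base_inl = profile(baseline_html)
    cur_ext, cur_inl = profile(current_html)
    return sorted(cur_ext - base_ext), sorted(cur_inl - base_inl)

# Constructed sample pages (not from the campaign): a clean CMS page, and the same page after
# an attacker holding stolen CMS credentials appended a redirect script and a 1x1 frame.
BASELINE = ('<html><head><script src="https://www.example.com/app.js"></script></head>'
            '<body><p>Welcome</p></body></html>')
INJECTED = BASELINE.replace("</body>",
    '<script src="https://redirector.example.invalid/gate.js"></script>'
    '<iframe src="https://landing.example.invalid/x" width="1" height="1"></iframe></body>')

if __name__ == "__main__":
    print(find_injections(BASELINE, INJECTED))
```

Run against a stored copy of each published page on a schedule; any new host or inline script that nobody deployed is a signal to rotate the CMS credentials and inspect the server.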

A list of some of the websites that deliver this kit is available on the researchers’ website.

This extensive campaign originates from a bulletproof host located in Ukraine, and around 100 web pages in Denmark have already been compromised and injected with malicious script. However, the campaign is no longer restricted to Europe.

The researchers succeeded in blocking more than 200 infected domains that the attackers were using to spread CryptoWall 4.0 in this campaign.

In September 2015, the same researchers discovered Dridex Banking Malware and a critical security flaw targeting 142 million websites with ransomware. 


  • Tags
  • CryptoWall
  • Cyber Crime
  • hacking
  • Malware
  • Ransomware
  • security
  • Vulnerability
  • Windows
Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. I am also into gaming, reading and investigative journalism.
