The Sundown exploit kit is becoming one of the most popular crimeware kits in the hacking underground. The last time we saw it was at the end of 2016 when malware researchers spotted a new variant of the Sundown exploit kit leverages on steganography to hide exploit code in harmless-looking image files.
Recently cyber criminals added to the Sundown exploit kit two Edge vulnerabilities tracked as CVE-2016-7200 and CVE-2016-7201.
A remote attacker can exploit the vulnerabilities to execute arbitrary code in the context of the current user by tricking victims into visiting a specially crafted website.
On January 4, security experts at the firm Theori confirmed the availability of a PoC exploit for CVE-2016-7200 and CVE-2016-7201, just a few days and the code was included in the Sundown exploit kit.
Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201) —https://t.co/DnwQt5giMB
— Theori (@theori_io) 4 gennaio 2017
The popular security researcher Kafeine confirmed the exploits being integrated by the Sundown exploit kit.
Crooks leveraged Sundown exploit kit to deliver mostly ZLoader, it was also used to deliver other malicious payloads, including Zeus Panda, Dreambot, Chthonic, Andromeda, Neutrino Bot, Betabot, Smokebot, Remcos, Kronos and a bitcoin min
rding to Malwarebytes Labs, a variant of the Sundown exploit kit was recently seen distributing a cryptocurrency Monero mining application.
Kafeine highlighted the fact that this is the first true innovation in the exploit kit landscape since 6 months, he also added that the criminal ecosystem lost its locomotive the “Angler EK.”
“After not far from 6 months without new exploit integrated in an EK ecosystem which has lost its innovation locomotive (Angler) , the drive-by landscape is struggling to stay in shape. Low infection rate means more difficulties to properly convert bought traffic.” added Kafeine.
Last time malware researchers observed the introduction of a fresh exploit code in an Exploit Kit was this summer when malware authors added the PoC for CVE-2016-0189 to the Neutrino exploit kit.
Previous ArticleHello Kitty database leaked online, 3.3 million fans affected
Hello Kitty database leaked online, 3.3 million fans affectedThe Hello Kitty MongoDB database leaked online one year ago recently surface on the web, it includes 3.3 million records...
Copyright 2021 Security Affairs by Pierluigi Paganini All Right Reserved.Back to top
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.