Experts at Malwarebytes observed a new version of the Fallout Exploit kit that
The Fallout Exploit kit was discovered at the end of August by the threat analyst nao_sec, at the time it was used to distribute the
First detailed in September 2018, the toolkit was observed delivering malware families ranging from ransomware to backdoors, but also fingerprinting the browser profile to identify targets of interest.
The activity associated with the Fallout exploit kit was temporarily suspended in early January, likely to improve it, in the same period experts at Malwarebytes observed an increase in the RIG EK activity.
The Fallout EK was distributed mainly via malvertising chains, starting January 15 it was used to deliver the GandCrab ransomware.
“After a short hiatus in early January, the Fallout
“The revised Fallout EK boasts several new features, including integration of the most recent Flash Player exploit. Security researcher Kafeine identified that Fallout is now the second exploit kit to add CVE-2018-15982.”
One of the most important improvements for the Fallout Exploit kit is the exploit for a recently discovered Adobe Flash Player zero-day tracked as
The CVE-2018-15982 flaw is a critical
The flaw could be exploited by attackers to execute arbitrary code, Adobe addressed it with the release of Flash Player 18.104.22.168 for Windows, macOS, Linux, and Chrome OS.
The first exploit kit that integrated the code to trigger the CVE-2018-15982 flaw in
The new Fallout Exploit kit implements the support for HTTPS support, a new landing page format, and uses Powershell to run the final payload.
“The Base64 encoded Powershell command calls out the payload URL and loads it in its own way” continues the analysis. ”
“This technique is most likely an attempt at evasion, as traditionally we’d expect the Internet Explorer process to drop the payload.”
The new development for the Fallout Exploit kit demonstrates the malware developers
This development is the proof that exploit kit developers are continuously improving their code to trigger the most recent flaws.
| [adrotate banner=”9″] ||[adrotate banner=”12″]|