Security experts at IntelCrawler, a cyber threat intelligence firm based in Los Angeles, discovered a new private exploit-kit called “Infinity” in the underground. It is not distributed on a large scale; its authors have reserved it for a limited underground customer base due to security concerns.
The image below shows the advertisement for the new private exploit-kit Infinity (“Load on Infinity”).
According to the investigation by IntelCrawler, the author of the exploit-kit Infinity appears to be a person with the nickname “iny” / “pickness”, who is credited as reliable on several private underground forums.
“At the beginning of 2013 it seems the author “iny” has created a post where he invites various cybercriminals to join the new exploit-kit project. He also mentioned that he is buying new types of vulnerabilities for famous client-side software. This collaborative strategy was also used by “Paunch” to maximize his exploit-kit with new vulnerabilities to increase the infection rate,” reports the official IntelCrawler post.
The exploit-kit is sold under the model known as malware-as-a-service. The first advertisements for the new exploit-kit Infinity offer it at a cost starting at 100 USD per day; the subscription also includes updates and technical support. The exploit-kit Infinity exploits vulnerabilities in IE11/10, Opera and Firefox.
The IntelCrawler threat intelligence team has already informed the security community about the appearance of the new exploit-kit Infinity in the underground.
“According to IntelCrawler, the Exploit-Kit Infinity might be a new replacement of “Blackhole”, which was actively used for infections of banking customers.”
(Security Affairs – Exploit-kit Infinity, malware)