
Researchers: malvertising attacks delivering Nuclear EKs and ransomware

Researchers at Malwarebytes spotted a spike in malvertising attacks that push Nuclear exploit kits (EKs), which in turn deliver ransomware, via the AdCash network and multiple other sources.

The campaign has increased in intensity over the past week and is mostly infecting victims in South America and parts of Europe, excluding the U.K., according to a Dec. 11 blog post.

"The payload from this attack is a downloader which happens to drop two different pieces of ransomware and more malware afterwards," the post said. 

Researchers considered this interesting because of the attack's high volume and the abundance of payloads dropped.

They also spotted one of the domains hosting a Flash exploit (CVE-2015-7645), a vulnerability that the domain had previously used in standalone attacks. The malicious domain now points traffic directly to the Nuclear EK, which also attempts to exploit the same Flash vulnerability.
