Researchers at Malwarebytes spotted a spike in malvertising attacks that are pushing Nuclear exploit kits (EKs) that are also delivering ransomware, all via the AdCash network as well as multiple other sources.
The campaign has increased intensity over the past week and is mostly infecting victims in South America and parts of Europe excluding the U.K., according to a Dec. 11 blog post.
"The payload from this attack is a downloader which happens to drop two different pieces of ransomware and more malware afterwards," the post said.
Researchers considered this interesting due to the attacks high volume and the abundance of payloads dropped.
They also spotted one of the domains hosting Flash exploit (CVE-2015-7645), a vulnerability that the domain had previously used in standalone attacks. The malicious domain now points traffic directly to the Nuclear EK which also attempts to exploit the same flash vulnerability.