Expert On Spelevo Exploit Kit & Maze Ransomware

The Spelevo exploit kit was spotted by security researchers while infecting victims with Maze Ransomware payloads via a new malicious campaign that exploits a Flash Player. Maze Ransomware, a variant of Chacha Ransomware, was initially found by Malwarebytes security researcher Jérôme Segura in May.

The researcher found that the ransomware was being distributed using the Fallout exploit kit via a fake site camouflaged as a legitimate cryptocurrency exchange app. Segura told BleepingComputer that the attackers created a fake Abra cryptocurrency site to buy ad network traffic which was later used to redirect visitors to the exploit kit landing page under certain conditions.

Experts Comments

October 22, 2019
Roger Grimes
Data-driven Defence Evangelist
KnowBe4
Easily the most disturbing part about this story is malicious individuals and organizations setting up fake ‘front organizations’ to buy and direct ad buys to. None of the people, beyond the ultimate endpoint website creators, know the legitimate ad buy is being used to direct people into harm’s way. It would literally be like renting official law enforcement to help direct cars to a pyramid marketing scam being held at the local, trusted, city convention center. And these attacks are.....Read More
Easily the most disturbing part about this story is malicious individuals and organizations setting up fake ‘front organizations’ to buy and direct ad buys to. None of the people, beyond the ultimate endpoint website creators, know the legitimate ad buy is being used to direct people into harm’s way. It would literally be like renting official law enforcement to help direct cars to a pyramid marketing scam being held at the local, trusted, city convention center. And these attacks are difficult to detect, although there are organizations and services which specialize in tracking rogue sites and ad buys, so it can be done. One of the biggest risk factors would be a brand-new website attached to a brand-new DNS entry which is tied to an anonymous person. You can certainly have legitimate websites and organizations which meet the same criteria, but if everything is brand-new (say within the last 24 hours), including that it’s a previously unknown person buying a brand-new, first-time ad buy from an organization they have never done business with before, then people should be skeptical.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts