The Spelevo exploit kit was spotted by security researchers while infecting victims with Maze Ransomware payloads via a new malicious campaign that exploits a Flash Player. Maze Ransomware, a variant of Chacha Ransomware, was initially found by Malwarebytes security researcher Jérôme Segura in May.
The researcher found that the ransomware was being distributed using the Fallout exploit kit via a fake site camouflaged as a legitimate cryptocurrency exchange app. Segura told BleepingComputer that the attackers created a fake Abra cryptocurrency site to buy ad network traffic which was later used to redirect visitors to the exploit kit landing page under certain conditions.