AKBuilder Exploit Kit Revealed

The AKBuilder exploit kit was recently discovered by malware researchers who investigated a series of malware infections, continue reading our article to find out more.

About The AKBuilder Exploit Kit

The computer hackers are constantly upgrading their arsenal of malware. This time a new tool has been identified as security researchers uncovered the Akbuilder exploit kit which is used to launch dangerous attack against various targets.

The dangerous utility is used to generate malicious Microsoft Word documents in rich text. The tool is currently being sold on various underground black markets. Once bought it can be used to propagate various types of malware in documents that may employ social engineering tricks to infect the users. The exploit kit also takes advantage of several identified vulnerabilities that affect both the Microsoft Office Suite and the Windows operating system. The researchers noticed that the tool is advertised actively in several Youtube videos as well. Its price is around 550 US Dollars One of the example ads shows that it targets two specific vulnerabilities:

  1. CVE-2015-2545 – Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka “Microsoft Office Malformed EPS File Vulnerability.”

  2. CVE-2015-1770 – Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Uninitialized Memory Use Vulnerability.”

A newer version of the kit uses the CVE-2015-1641 exploit – Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka “Microsoft Office Memory Corruption Vulnerability.”

Both versions are made using the Python programming language. To launch an attack using it the criminals need to configure the tool with three distinctive parameters:

  1. The name of the payload’s file.

  2. The name of the decoy document.

  3. The name of the generated exploit document.

The hardcoded exploit and the two-stage shellcode scripts are stored in the exploit kit code. The decoy files along with the encrypted payload are added according to the supplied template. The output contains the entire document as a single block of data that can be further modified by the author to avoid antivirus detection. The security experts have detected that several dangerous hacker collectives have already obtained copies of it. The most active users at the current time are the Nigerian BEC groups.

How Dangerous Is The AKBuilder Exploit Kit

Exploit kits are rated as a very dangerous type of hacking tools. They are used to directly target various computer and based on the preloaded exploits they can trigger a software vulnerability if the system is not patched. By their nature these intrusion attempts are classified into two main types:

  1. Known Vulnerabilities – This group contains software bugs that have been reported to the vendors. The successful intrusions are caused by running production unpatched servers and services.

  2. Zero-Day (0day) Vulnerabilities – These vulnerabilities have been identified by the hackers themselves and are undisclosed until the attack has been analyzed by the cyber security response personnel.

Computer administrators and users who wish to defend themselves from this particular threat should ensure that they are always running the latest version of the Windows operating system and the Microsoft Office suite. Аs the main code is implemented alongside with the exploits the developers of the AKBuilder Exploit Kit need to create a separate version if they wish to update the kit. Most contemporary exploit kits are primarily modular.

To protect from the threat computer users can use a quality anti-spyware tool which is able to both remove active infections and actively protect from all types of malware.

You can easily remove all threats with the help of an anti-malware tool.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Was this content helpful?

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *