Security researchers have discovered a dangerous new exploit kit that has been hidden in malicious ads and named and named as the Stegano Exploit Kit.
The Stegano Exploit Kit Revealed
Security researchers from ESET have revealed a new exploit called the Stegano Exploit Kit as it uses the method of steganography. This is the technique of hiding various types of information and data inside other files.
The Stegano Exploit Kit is a good example of that. The dangerous software was discovered hidden in a PNG image file served in a malicious ads campaign operated by computer criminals. According to the available information it has been in active use for the past two months. So far it has been used to serve malicious ads while operating on various networks including some high-profile and popular sites.
When the code is extracted and executed it redirects the computer users to a gate address which filters out the victims. The server redirects only the visitors who use the Internet Explorer browser and so far they are have been the only victims.
To infiltrate the target computer hosts the Stegano exploit kit uses three Adobe Flash vulnerabilities:
- CVE-2015-8651 – Integer overflow in Adobe Flash Player before 22.214.171.1244 and 19.x and 20.x before 126.96.36.1997 on Windows and OS X and before 188.8.131.529 on Linux, Adobe AIR before 184.108.40.206, Adobe AIR SDK before 220.127.116.11, and Adobe AIR SDK & Compiler before 18.104.22.168 allows attackers to execute arbitrary code via unspecified vectors.
- CVE-2016-1019 – Adobe Flash Player 22.214.171.124 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.
- CVE-2016-4117 – Adobe Flash Player 126.96.36.199 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
The Stegano Exploit kit has been used to deliver mainly banking Trojans such as Ramnit however the security experts to see a payload change if the kit grows popular among hackers.
For more information you can visit the detailed blog post to learn more about it.