Expert On Spelevo Exploit Kit & Maze Ransomware

Security researchers spotted the Spelevo exploit kit infecting victims with Maze Ransomware payloads in a new malicious campaign that exploits Flash Player. Maze Ransomware, a variant of Chacha Ransomware, was initially found by Malwarebytes security researcher Jérôme Segura in May.

The researcher found that the ransomware was being distributed using the Fallout exploit kit via a fake site camouflaged as a legitimate cryptocurrency exchange app. Segura told BleepingComputer that the attackers created a fake Abra cryptocurrency site to buy ad network traffic which was later used to redirect visitors to the exploit kit landing page under certain conditions.


EXPERTS COMMENTS
Roger Grimes, Data-driven Defence Evangelist, KnowBe4
October 22, 2019
One of the biggest risk factors would be a brand-new website attached to a brand-new DNS entry.
Easily the most disturbing part about this story is malicious individuals and organizations setting up fake ‘front organizations’ to buy and direct ad buys to. None of the people, beyond the ultimate endpoint website creators, know the legitimate ad buy is being used to direct people into harm’s way. It would literally be like renting official law enforcement to help direct cars to a pyramid ....