
Nestled in hacked sites–New Fallout Exploit Kit injecting GandCrab Ransomware or Redirecting to PUPs


steven36


Cybercriminals made another strategic attempt to distribute GandCrab ransomware, fake anti-virus software, malware-downloading Trojans and other PUPs, which stands for ‘Potentially Unwanted Programs.’ The exploit kit that is being used to deliver the ransomware is called ‘Fallout.’

 

https://s7d4.turboimg.net/sp/c79ccdfe0bab98ffba95b4a413f7adf4/ransom.jpg

It was the end of August’18 that saw the discovery of the kit which is installed on hacked sites and is programmed to exploit vulnerabilities on a visitor’s system. These vulnerabilities are reported to be for two programs – Windows VBScript engine (CVE-2018-8174) and Adobe Flash player (CVE-2018-4878).
Upon its discovery, which was made by nao sec (Security Researcher), the kit was found downloading and installing a malware infection, ‘SmokeLoader’, which further downloads other malware. As per the security researcher, the kit, when found, was downloading and installing CoalaBot and an unidentified malware.
In a blog post exclusively written to shed light on the ‘Fallout Exploit Kit’, nao sec stated – “The exe file executed by shellcode is ‘Nullsoft Installer self-extracting archive’.” He added, “This will run SmokeLoader and two exe files will be downloaded.”
As reported by FireEye, which prides itself on embracing world-class frontline threat expertise, the Fallout exploit kit has been noticed installing GandCrab ransomware on Windows, while macOS users will be redirected to pages that promote fake antivirus software or fake Adobe Flash Players.

FireEye further educates us on the procedural execution: primarily, the kit will try to exploit VBScript, and then it will proceed towards the Flash Player vulnerability, which will be contingent on the status of scripting, whether it’s disabled or not. Marching forward, the kit will cause Windows to download and install a Trojan into the system once it has been successfully exploited.

 

https://s7d5.turboimg.net/sp/ce3eb1843a46a7dd93112da207db0253/2nd2Bpic.png

 

Upon its activation, the Trojan will scan for the following processes, and if they are found, the Trojan enters an infinite loop, which consequently halts any further malicious activities.
If not, then it downloads and executes a DLL which leads to the installation of GandCrab ransomware. While infecting the system, GandCrab appends the .KRAB extension to encrypted files and drops a ransom note titled KRAB-DECRYPT.txt.
https://s7d2.turboimg.net/sp/25dd7ef484fb267218b07ff4d12d74ea/4th2Bpic.jpg
 
Calming the bewildered spirit of inquiry of the Fallout exploit kit victims or to-be-victims, Ehackingnews advises all the users against stacking outdated programs onto their systems, for example, Flash Player. It is essential to ensure an installation of the latest Windows security updates in order to keep yourself guarded.
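
A triage sketch for the two on-disk indicators the article names, the .KRAB extension and the KRAB-DECRYPT.txt ransom note. This is an added example, not part of the original post or the cited research; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".krab"           # the article's ".KRAB", compared case-insensitively
RANSOM_NOTE = "krab-decrypt.txt"  # the article's "KRAB-DECRYPT.txt"

def scan_tree(root):
    """Map each directory under root to the indicators found in it."""
    hits = defaultdict(lambda: {"note": False, "encrypted": []})
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in sorted(files):
            lower = name.lower()
            if lower == RANSOM_NOTE:
                hits[rel]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # Strip the appended extension to recover the original file name.
                hits[rel]["encrypted"].append(name[:-len(ENCRYPTED_EXT)])
    return dict(hits)

def triage(hits):
    """'confirmed' = note and encrypted files together; 'suspect' = only one."""
    verdicts = {}
    for rel, found in hits.items():
        both = found["note"] and found["encrypted"]
        verdicts[rel] = "confirmed" if both else "suspect"
    return verdicts

def demo():
    """Build a constructed sample tree (not real victim data) and scan it."""
    layout = {
        "docs": ["report.docx.KRAB", "budget.xlsx.KRAB", "KRAB-DECRYPT.txt"],
        "photos": ["holiday.jpg"],
        "tools": ["crab-notes.krab"],
    }
    with tempfile.TemporaryDirectory() as root:
        for sub, names in layout.items():
            os.makedirs(os.path.join(root, sub))
            for name in names:
                open(os.path.join(root, sub, name), "w").close()
        hits = scan_tree(root)
    return hits, triage(hits)

if __name__ == "__main__":
    for rel, verdict in sorted(demo()[1].items()):
        print(f"{verdict:9} {rel}")
```

The recovered original names give a quick inventory of what needs restoring from backup; a directory flagged only as suspect has one indicator without the other and needs a manual look.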
 
knowledge-Spammer

I just now got this email. It seems people are trying to scam people with emails more nowadays. Take this one:

"support15402" <[email protected]>

$$$$

##It seems that, 0179, is your phone**

@I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean)**

#####While you were watching videos, your internet browser started out functioning as a Remote Viewer having a keylogger which gave me accessibility to your screen and web cam. after that, my software program obtained all of your contacts#

@@What did I do?@@@

$$$I backuped phone. All photo, video and contacts***
@@@@I created a double-screen video. 1st part shows the video you were watching (you've got a good taste haha . . .), and 2nd part shows the recording of your cam@@@

$$exactly what should you do?$$$$$

##Well, in my opinion, $1000 is a fair price for our little secret. You'll make the payment by Bitcoin (if you do not know this, search "how to buy bitcoin" in Google)$$$$
BTC Address:
12DA8mpQCnTB1cEHLPFU7ckP44zN5Xmgu3

(It is cAsE sensitive, so copy and paste it)
Important:
#####You have 48 hour in order to make the payment. (I've a unique pixel in this e mail, and at this moment I know that you have read through this email message)@@@@
*If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on@@

@@@@@Having said that, if I receive the payment, I'll destroy the video immidiately***
####If you need evidence, reply with "Yes!" and I will certainly send out your video recording to your 6 contacts$$
@@@@@It is a non-negotiable offer, that being said don't waste my personal time and yours by responding to this message####
 

 

I think it is funny, as there is no porn on my PC and no cam, so I know it is lies.

And it seems many people get this:

https://www.bitcoinabuse.com/reports/12DA8mpQCnTB1cEHLPFU7ckP44zN5Xmgu3

But it seems people give money. Crazy.



Archived

This topic is now archived and is closed to further replies.
