Connect with us

Hi, what are you looking for?



Blackhole Creator on Quest to Expand Exploit Empire

The gang behind the notorious Blackhole exploit kit is branching out into new markets with a new crimeware kit and a $100,000 budget.

The gang behind the notorious Blackhole exploit kit is branching out into new markets with a new crimeware kit and a $100,000 budget.

The creator of the tremendously popular Blackhole exploit kit has “begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack,” security researcher and writer Brian Krebs noted on his blog, Krebs on Security. The group has set aside $100,000 to purchase browser and browser plug-in vulnerabilities to include in Cool Exploit, according to some posts Krebs found on underground forums.

Blackhole Exploit Kit by PaunchAccording to these posts, these exploits will be owned and used exclusively by the group and would not be disclosed or released to the public, Krebs said. The group will be buying “weaponized (Ready) exploits” as well as their descriptions and proofs of concept so that other people won’t be able to use those exploits, according to the postings.

“The author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes,” Krebs wrote, referring to Paunch, Blackhole’s creator.

Criminals use exploit kits to infect legitimate websites with malicious code so that when visitors come to the site, they are either served up a cocktail of malware in a drive-by-download attack or redirected to a different site for the payload. The toolkits are frequently updated with new exploits to help criminals successfully compromise more victims. If Cool Exploit really winds up getting exclusive access to exploits, it will have an advantage over other toolkits, wrote Blue Coat’s Jeff Doty.

“This could give Cool a significant leg up on the competition with other exploit kits,” Doty said.

While aspiring criminals can rent Blackhole for about $700 a month or take advantage of a hosting solution for $500 a month, Cool Exploit with its collection of advanced exploits will cost $10,000 per month, Blackhole creator Paunch told Krebs. While the higher price tag may deter some criminals from using the new crimeware kit, for others, it may well be a small cost of doing business. According to Symantec, one of the ransomware gangs using Cool Exploit is generating nearly $400,000 in profits each month. Considering those kind of numbers, $10,000 for the exploit kit is pocket change.

Security experts have suspected for a while the group behind the new Cool Exploit toolkit was the same as Blackhole, as sophisticated exploits were added to both toolkits over a short period of time. A French researcher named Kafeine observed a Windows exploit appear first in Cool Exploit and then in Blackhole. After a Java exploit was added to Cool Exploit, he correctly predicted it will soon show up in Blackhole.

“Be ready to see same kind of post for Blackhole 2.0 (or update to 2.1) soon, as chances are HUGE that Paunch is indeed behind Cool EK code,” Kafeine wrote, back in November.

Advertisement. Scroll to continue reading.

Related Reading: Black Hole Exploit Kit – A Business Savvy Cyber Gang Driving a Massive Wave of Fraud

Written By

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.