Blackhole Creator on Quest to Expand Exploit Empire

The gang behind the notorious Blackhole exploit kit is branching out into new markets with a new crimeware kit and a $100,000 budget.


The creator of the tremendously popular Blackhole exploit kit has “begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack,” security researcher and writer Brian Krebs noted on his blog, Krebs on Security. The group has set aside $100,000 to purchase browser and browser plug-in vulnerabilities to include in Cool Exploit, according to some posts Krebs found on underground forums.

According to these posts, these exploits will be owned and used exclusively by the group and would not be disclosed or released to the public, Krebs said. The group will be buying “weaponized (Ready) exploits” as well as their descriptions and proofs of concept so that other people won’t be able to use those exploits, according to the postings.

“The author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes,” Krebs wrote, referring to Paunch, Blackhole’s creator.

Criminals use exploit kits to infect legitimate websites with malicious code so that when visitors come to the site, they are either served up a cocktail of malware in a drive-by-download attack or redirected to a different site for the payload. The toolkits are frequently updated with new exploits to help criminals successfully compromise more victims. If Cool Exploit really winds up getting exclusive access to exploits, it will have an advantage over other toolkits, wrote Blue Coat’s Jeff Doty.

“This could give Cool a significant leg up on the competition with other exploit kits,” Doty said.

While aspiring criminals can rent Blackhole for about $700 a month or take advantage of a hosting solution for $500 a month, Cool Exploit with its collection of advanced exploits will cost $10,000 per month, Blackhole creator Paunch told Krebs. The higher price tag may deter some criminals from using the new crimeware kit, but for others it may well be a small cost of doing business. According to Symantec, one of the ransomware gangs using Cool Exploit is generating nearly $400,000 in profits each month. Considering those kinds of numbers, $10,000 for the exploit kit is pocket change.

Security experts have suspected for a while that the group behind the new Cool Exploit toolkit was the same as the one behind Blackhole, as sophisticated exploits were added to both toolkits over a short period of time. A French researcher named Kafeine observed a Windows exploit appear first in Cool Exploit and then in Blackhole. After a Java exploit was added to Cool Exploit, he correctly predicted it would soon show up in Blackhole.

“Be ready to see same kind of post for Blackhole 2.0 (or update to 2.1) soon, as chances are HUGE that Paunch is indeed behind Cool EK code,” Kafeine wrote, back in November.

Related Reading: Black Hole Exploit Kit – A Business Savvy Cyber Gang Driving a Massive Wave of Fraud
