Cybercriminals have added an exploit for a recently-patched Adobe Flash Player vulnerability to the notorious Magnitude exploit kit.
The kit now includes an exploit for CVE-2015-3105, which was fixed as part of Adobe’s Flash Player update earlier this month. Despite the update however, many users are still running older versions of the software and remain at risk, blogged Trend Micro Threat Analyst Peter Pi. According to Pi, the kit is using the vulnerability to infect victims with CryptoWall 3.0, a particularly virulent piece of ransomware.
“This is another example of how cybercriminals rapidly take advantage of recently-patched vulnerabilities through exploit kits,” Pi blogged. “We saw a similar incident in March, where exploits for an Adobe Flash Player vulnerability were added to the Nuclear Exploit Kit just a week after the patch was released. We also noted earlier this month that Flash Player was being targeted more frequently by exploit kits, and that shows no sign of changing soon.”
Trend Micro began noticing the exploit being used by the kit on June 15. According to the company, the countries most affected by the threat include the United States, Canada and the U.K.
In the 2015 Trustwave Global Security Report, Trustwave said that 33 percent of the exploits it detected in 2014 were targeting Adobe Flash, an increase of more than 28 percent points from the previous year.
“One of Magnitude’s main differentiators is its traffic sharing business model,” according to the Trustwave report. “Criminals can’t pay to rent Magnitude. Instead, they trade up to 20 percent of the traffic they direct to the kit to Magnitude’s administrators. The administrators then do what they will with their share of the traffic, most often infecting victim machines with ransomware.”
“Widely-used exploit kits such as Magnitude are often well-maintained with new vulnerabilities,” Pi explained. “Our research on these tools reveals that Magnitude is one of the most used exploit kits by cybercriminals along with SweetOrange and Angler. CryptoWall is also another notable threat in and of itself. We initially saw CryptoWall last year spreading through spam, and again later this year partnering with information stealing malware FAREIT.”
Trend Micro recommends users stay up-to-date with the latest version of Flash Player.