A new exploit kit (EK) has emerged recently on underground forums, where a malware developer is advertising it starting at just $80.
Called Disdain and discovered by malware analyst David Montenegro, the toolkit is available for rent on a daily, weekly, or monthly basis, priced at $80, $500, and $1,400, respectively. Security researchers have already managed to track the advert for the EK and learn more about its alleged capabilities.
According to Disdain’s author, the main features of the toolkit include domain rotator, RSA key exchange for exploits, panel server untraceable from payload server, geolocation, browser & IP tracking, and domain scanning capabilities.
The malware developer claims the toolkit can exploit over a dozen vulnerabilities in Firefox (CVE-2017-5375, CVE-2016-9078, CVE-2014-8636, CVE-2014-1510, CVE-2013-1710), Internet Explorer (CVE-2017-0037, CVE-2016-7200 (Edge as well), CVE-2016-0189, CVE-2015-2419, CVE-2014-6332, CVE-2013-2551), Flash (CVE-2016-4117, CVE-2016-1019, CVE-2015-5119), and Cisco Web Ex (CVE-2017-3823).
There has not been a malware distribution campaign fueled by this exploit kit found to date, likely because Disdain hasn’t been around long enough to prove it is a viable tool. Furthermore, its author, who goes by the name of Cehceny, doesn’t have a good reputation among cybercriminals and is considered a scammer on at least one underground hacking forum, BleepingComputer notes.
Although no botnet or malvertising campaign is redirecting traffic to Disdain’s landing pages at the moment, the toolkit could turn into a major threat if miscreants start employing it. As soon as users are redirected to one of the exploit kit’s pages, the toolkit can scan the potential victim’s browser and attempt to exploit one of the discovered vulnerabilities to install malware.
Disdain includes a large number of new exploits, which could help it gain traction, especially since the exploit kit landscape has been greatly shaken over the past year, starting with Angler and Nuclear, both of which went down in the first half of last year.
Exploit kit activity this year has been only a fraction of what it was in early 2016, and continues to diminish as more toolkits are taken down and very few new players observed. Cybercriminals, however, are turning to other methods of distributing malware, including spam emails and other types of attacks.
Related: Terror Exploit Kit Rising as Sundown Disappears
Related: New Terror Exploit Kit Emerges
More from Ionut Arghire
- US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform
- Dozens of Malicious NPM Packages Steal User, System Data
- Motel One Discloses Ransomware Attack Impacting Customer Data
- Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities
- European Telecommunications Standards Institute Discloses Data Breach
- Johnson Controls Ransomware Attack Could Impact DHS
- CISA Kicks Off Cybersecurity Awareness Month With New Program
- Silverfort Open Sources Lateral Movement Detection Tool
Latest News
- Synqly Joins Race to Fix Security, Infrastructure Product Integrations
- ZDI Discusses First Automotive Pwn2Own
- Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies
- US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform
- Actor Tom Hanks Warns of Ad With AI Imposter
- Network, Meet Cloud; Cloud, Meet Network
- Dozens of Malicious NPM Packages Steal User, System Data
- Motel One Discloses Ransomware Attack Impacting Customer Data
