Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Nuclear EK Gate Uses Decoy CloudFlare DDoS Check Page

A fake CloudFlare DDoS (distributed denial of service) check page is being used by a Nuclear exploit kit (EK) gate to load a malicious redirection page to serve malware, according to security firm Malwarebytes.

A fake CloudFlare DDoS (distributed denial of service) check page is being used by a Nuclear exploit kit (EK) gate to load a malicious redirection page to serve malware, according to security firm Malwarebytes.

CloudFlare is a well-known cloud security provider that offers DDoS protection along with several other services to website owners. CloudFlare filters DNS requests through its infrastructure to protect websites from attacks and provide faster page delivery times.

In a recent blog post, Malwarebytes’ Jérôme Segura explains that there have been several malvertising attacks that have been redirecting users to a rogue domain which appears to be using CloudFlare, but is actually serving the Nuclear EK instead. However, a closer inspection revealed that the server’s IP address does not belong to CloudFlare and that the domain is completely bogus.

The interesting part, however, is the fact that the cybercriminals are using a conditional malicious redirection that checks if the user is genuine. Next, the user is redirected to an intermediate site designed to further redirect the victim to the Nuclear EK, in addition to loading an ad banner and collecting an affiliate commission.

The attackers also rely on JavaScript in order to launch their exploit, and they even instruct users to “turn JavaScript on and reload the page.” 

The technique, however, might not return the expected results every time, and Malwarebytes researchers say they do not know why the threat actors are using the aforementioned redirection template.

CloudFlare has been already alerted on the matter and has confirmed that the bogus domain is in no way associated with the security firm.

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.