Over the last few months, we have seen increased Exploit Kit activity. One example is the Fallout Exploit Kit, which we will describe in depth in this article. Since its emergence in August 2018, threat actors have intensively used the Fallout Exploit Kit to deliver ransomware (GandCrab, Kraken, Maze, Minotaur, Matrix and Stop), Banker Trojans (DanaBot) and information stealers (RaccoonStealer, AZORult, Vidar), and others.
Malicious ads have become a standard means for exploit kits to reach vulnerable systems. Because of the complex redirection chain provided by ad services, malicious ads remain an extremely effective attack vector to deliver exploits and, finally, malware.
Bitdefender researchers Mihai Neagu and Cosmin Carp have taken a closer look at the Fallout Exploit kit as used in a campaign that leads to Raccoon Stealer. The key findings are available in the paper below.