
CVE-2020-0674: Internet Explorer Targeted By Purple Fox and Magnitude Exploit Kits

New exploits for Microsoft software, including the Windows operating system, have been added to the Purple Fox and Magnitude exploit kits. These kits are among the serious tools that computer criminals use to launch large-scale network attacks. The newly found issues have been identified in major components such as the Internet Explorer web browser and its associated libraries.




CVE-2020-0674 and Other Dangerous Exploits Used in New Purple Fox and Magnitude Exploit Kits

The Magnitude Exploit Kit has been updated with new functionality that enables it to infect Internet Explorer users. The last active campaign using the newer update of the software was detected in Asia, specifically targeting Hong Kong, South Korea and Taiwan. The vulnerability it uses is tracked in the CVE-2019-1367 advisory. It was a zero-day vulnerability detected in Internet Explorer, and it has since been addressed with a patch released by the company.


The main method of spreading malicious code that can impact web browsers is malvertising. This includes the use of the Purple Fox Exploit Kit, which has been configured to exploit Microsoft Windows 10 through CVE-2020-0674. It takes advantage of a security issue in the jscript.dll library, one of the core components used by the operating system. Abusing the flaw leads to a leak that makes it possible to hijack information. Memory manipulation follows, which leads to the loading of malware.

One important aspect of the Purple Fox exploit kit is that the hackers behind it have created their own exploit kit instead of using a ready-made solution. This contrasts with hacking groups that have traditionally relied on malvertising using the RIG exploit kit.

Previous campaigns relied on the exploit kits to deliver ransomware. Language checks were performed and targets were chosen based on the results of the analysis. In newer versions the language identification has been removed, as the targeted users are chosen based on their presumed geographical location.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
