Novo Kit on the Block: Spelevo I (CVE-2018-15982)

There is a new exploit kit in town, and it is called Spelevo EK. According to reports, the exploit kit is using the CVE-2018-15982 vulnerability to gain access to outdated systems. The vulnerability is located in Flash Player.

Flash Player versions and earlier have a use after free vulnerability, reads its official advisory. Successful exploitation of the flaw could lead to arbitrary code execution.

Earlier this month, malware researcher Kafeine tweeted about the new exploit kit:

It looks like there is a new EK in town (CVE-2018-15982 inside). Seeing 85.17.197[.]101. I first thought about GrandSoft but that’s not it. Reminds SPL EK (an evolution?). Going for Spelevo as name.

The CVE-2018-15982 vulnerability was previously used in targeted attacks in which attackers used malicious Word documents that included a Flash file with the vulnerability. The Word document was included in a RAR archive with a JPG picture. Upon triggering the Flash vulnerability, the malware extracted the RAT code embedded in the JPG picture.

Spelevo Exploit Kit CVE-2018-15982 Technical Details

The Spelevo exploit kit is believed to have some similarities with “SPL EK”. Note that the SPL exploit kit was mainly seen in 2012 and 2013, and was most often associated with ZeroAccess and Scareware/FakeAV.

The use of the CVE-2018-8174 vulnerability has been spotted there as well, malware researchers say.

The exploit kit may be distributing Backdoor.Win32.Gootkit.K, also known as the Gootkit backdoor. Last year, attackers hacked into MailChimp’s network to send fake invoices and emails riddled with malware, Gootkit included. In one particular case, Red Bull Records’ MailChimp account was compromised and abused to distribute an Apple-themed phishing email. It appeared that MailChimp’s network was abused to distribute the backdoor for four whole months, said researcher Kevin Beaumont.

Related: MailChimp Abused to Deliver GootKit Banking Malware for 4 Months.

What to do if you believe you’ve been compromised

The very first thing to do is to update your Flash Player to its latest version, which is not exploitable. As already mentioned, CVE-2018-15982 is a vulnerability that allows remote code execution in Flash Player up to the affected version. The vulnerability was patched on December 05, 2018. You can refer to the official security bulletin for more details.

The next step is making sure that your system hasn’t been affected by malware. If you scan your system with an anti-malware program and the program detects a backdoor such as Gootkit, you should consider removing the threat immediately. Having a backdoor or any other form of malicious software on your system can lead to a variety of catastrophic scenarios.

A backdoor Trojan, or RAT, is used to give remote access to the infected system or network. Thanks to backdoors, cybercriminals get to decide when to initiate the exploit and what malicious activities will take place in the attack. Backdoors may be used to send and receive data, launch operations, display information or reboot the PC. An infected computer can also become a silent participant in a botnet or zombie network.


Milena Dimitrova