The Spelevo Exploit Kit as one of the dangerous weapons handled by hackers has been found to create numerous adult sites and infect them with malware automatically.
The hackers will distribute the threats via organized phishing strategies. A distinctive feature of the Spelevo Exploit Kit attacks is that the first attacks were discovered back in March this year until they gradually grew.
Malicious Adult Sites Are Being Spread Via a Worldwide Spelevo Exploit Kit Attack
An experienced hacking group has been found to utilize the Spelevo Exploit Kit in a dangerous worldwide attack campaign. This malware tool is favored among hacking hacker groups as it can be easily customized to different scenarios and environments. The current focus is the creation of hacker-controlled sites with adult contents. To spread the threat the hackers will use social engineering tactics:
- Landing Pages — The hackers will create many adult-themed landing pages that will suitable contents. When the victims click on the posted links they will be redirected to a malware file or script.
- Faux Copy Sites — Fake copies of famous adult sites can be hosted on similar sounding domain names. The intention of the hackers is to manipulate visitors into mistyping them and presenting to them almost identical copies without raising attention. Effective execution of this tactic is done when the hackers also copy down the text and design layout of
The Spelevo Exploit Kit crafted pages will attempt to deliver the malware via a vulnerability exploitation in Internet Explorer and Adobe Flash Player. Unlike other similar threats this exploit kit this particular hacking tool will also have a backup fail mechanism which will be triggered if the no vulnerabilities are exploited. The other malicious payload which that will be sent to the criminals will be the Ursnif banking Trojan. The security researchers note that instead of redirecting the post-victims to a hacker-made landing page they will be shown the main Google search engine page after a 10-second delay.
At the moment there is no information available about the hacking group. The custom created malware-infected adult sites shows that the hackers are experienced in coordinating the attacks. This means that forthcoming versions might include even more dangerous code.