Cyber criminals use dangerous exploit kits to infect users with malware
While Indian businesses continue to surf on the wave of digitisation, there is one dilemma that constantly haunts them all—security.
With hackers surfacing with new and improved tools under their arsenal, companies need to quickly tune their security infrastructure to prevent further attacks.
A recent report by Symantec pointed out that cyber-criminals are constantly surfacing with new research and analytic tools, and using that to “innovatively find vulnerabilities in systems and infect users with malware.”
The report said: “These kits are big money in the underground economy and one of the most notorious among them is the Angler Exploit Kit."
One of the most recent companies to fall victim to the Angler Exploit Kit is Burrp—an Indian food recommendation website similar to Zomato.
According to the report, the company’s website was compromised and redirected users to the Angler Exploit Kit (EK) in order to deliver the TeslaCrypt ransomware.
After the completion of the process, the hackers took over users’ computers and encrypted their personal files, which sounds really scary. Later, the perpetrators demanded a ransom from users for decrypting the files.
The pattern
First, the online hackers compromised Burrp by injecting code into one of the site’s JavaScript files. When a user clicked on this code they automatically got redirected to a malicious site with “megaadvertize” in the URL.
Later the user is redirected to the Angler Exploit Kit landing page.
If the exploit is successful, the TeslaCrypt payload is downloaded on the target user’s system. The payload then writes an executable Trojan file to memory and the file drops the ransom message into every folder with encrypted files.
This notice demands that the user pays in bitcoins to obtain the decryption key and restore their data.
“The site has been sending users to the exploit kit since the beginning of February. Symantec notified Burrp of the compromise and the company has stated that it is working to resolve the issue. Most of the users who have been impacted by this attack are based in the US and India,” said the report.
Symantec has also suggested that users should keep their operating system and other software updated to prevent security vulnerabilities. Moreover, users should regularly back up files and install security softwares.
If you feel that you have been victimised, notify the administrator of the host website at once to prevent the attack from spreading.
