For just over £60 per day, tech-savvy criminals can now buy access to a new exploit kit (EK) which has been designed to remotely infect computers, experts have warned.
Known as “Disdain”, the hacking tool was recently put up for sale on an underground Russian forum hosted on the dark web. According to fresh research published this week by two security firms, Trend Micro and Intsights, it has already been used to infect victims across the world.
Exploit kits take advantage of security bugs in internet browsers and browser add-ons and are typically hosted on a server controlled by the hacker.
A victim is unwittingly directed to the malicious domain, where the exploit kit automatically scans for flaws and – if it finds any – abuses them to install malware.
On Wednesday 9 August, Trend Micro found Disdain had been incorporated into a malicious advertising campaign. That came only 24 hours after it was first advertised on a criminal forum, two researchers explained in a blog post this week (17 August).
The company detected two separate groups attempting to use the exploit kit to deliver malware. One, Trend Micro said, was using it to install a cryptocurrency miner. Activity dipped after 12 August, signifying that the tool remains in the “early stages” of development.
The report built upon Intsights’ prior analysis, released 14 August, which linked the kit to a vendor called “Cehceny” who claimed it had the ability to scan domains and track victims’ IP addresses.
Statistics from the security firm indicated that the majority of victims so far were located in South America, India, China and Western Europe. The tool, experts uncovered, was selling for $80 (£62) per day, $500 (£388) per week, and $1,400 (£1,080) per month.
“Upon purchase, the buyer would receive access to a server where the kit is hosted, along with constant support throughout an agreed-upon time period,” the Intsights blog post read.
Trend Micro researchers said the kit was relying on software vulnerabilities from between 2013 and 2017 – all of which have now been patched. On the Russian underground forum, the vendor claimed that it exploited 17 flaws but, in reality, experts said it only targeted five.
Users are strongly advised to keep their computer software up to date to stay safe from the tool.
“EKs are one of the most common methods used by hackers to deliver malware on a large scale because they are stealthy and deceptive in their simplicity,” the Intsights blog stated. However, it remains to be seen if the kit will pick up steam in the cybercriminal world.
There have been many kits over the years – Angler, Nuclear, and Neutrino to name a few – but experts previously found their use had dwindled in the past year. According to Malwarebytes that was because there was a “lack of fresh and reliable exploits” available to purchase.
Now, in the wake of Disdain, they could be about to make a resurgence.