A new exploit kit (EK) dubbed Fallout has been used in a cybersecurity malvertising campaign affecting users in Japan, Korea, the Middle East, Southern Europe, and other countries in the Asia Pacific region, according to a new FireEye report.
Late last month, FireEye and other security researchers observed the Fallout EK was used in a malvertising campaign to distribute SmokeLoader in Japan and GandCrab ransomware in the Middle East.
An excerpt of the Fallout EK threat as described by FireEye
“Fallout EK fingerprints the user browser profile and delivers malicious content if the user profile matches a target of interest. If successfully matched, the user is redirected from a genuine advertiser page, via multiple 302 redirects, to the exploit kit landing page URL.”
The landing page URL contained code for a VBScript vulnerability (CVE-2018-8174) and also added Flash embedding code to help execute malicious payloads on a visitor’s system.