Neutrino EK

Pierluigi Paganini July 04, 2017
A fresh massive AdGholas Malvertising campaign infects millions

Researchers at Proofpoint discovered a massive AdGholas Malvertising Campaign infecting as many as 1 million computers per day with several banking trojans. A new massive AdGholas malvertising network discovered by experts at Proofpoint has been infecting as many as 1 million computers per day with several banking trojans. AdGholas operators have been active since 2015, the threat […]

Pierluigi Paganini March 25, 2017
CVE-2017-0022 Windows Zero-Day flaw used by AdGholas hackers and it was included in Neutrino EK

The recently patched CVE-2017-0022 Windows Zero-Day vulnerability has been exploited by threat actors behind the AdGholas malvertising campaign and Neutrino EK since July 2016. Microsoft has fixed several security flaws with the March 2017 Patch Tuesday updates. According to security experts at Trend Micro, the list of fixed vulnerabilities includes three flaws that had been exploited […]

Pierluigi Paganini October 13, 2016
Experts observed several malvertising campaigns deliver Cerber 4.0

Cerber 4.0 is the latest variant of the Cerber ransomware family that is becoming even more common in the malvertising campaign in the wild. Another variant of the notorious Cerber ransomware, the Cerber 4.0, appeared in the wild delivered by several exploit kits, including RIG, Neutrino, and Magnitude EKs. According to the experts from Trend Micro, the Cerber 4.0 first appeared in October […]

Pierluigi Paganini August 02, 2016
Afraidgate campaign switches from CryptXXX to Locky Ransomware

Operators behind the Afraidgate campaign continue to leverage on Neutrino EK, but switches from CryptXXX to Locky Ransomware. According to the experts from Palo Alto Networks, one of the most long-lived hacking campaigns leveraging on the Neutrino EK switches from CryptXXX to the Locky Ransomware. The campaign dubbed Afraidgate due to the name of the gate domains (using name servers from […]

Pierluigi Paganini July 21, 2016
Major websites compromised in the last SoakSoak campaign

A large number of business websites have been compromised by the SoakSoak gang to deliver ransomware. Security experts from Invincea firm have discovered that a large number of websites were recruited by the SoakSoak botnet to deliver CryptXXX malware. The list of compromised sites is long and includes the tourism website for Guatemala and the do-it-yourself project […]

Pierluigi Paganini July 15, 2016
Experts published IE Exploit code and crooks added it to Neutrino EK

Operators behind the Neutrino EK have added the code to exploit an Internet Explorer flaw that  was recently patched with the release of the MS16-053. Operators behind the infamous Neutrino EK have recently added the code to exploit an Internet Explorer vulnerability that was patched with the release of the MS16-053 security bulletin. The MS16-053 bulletin patched […]