Monday, May 19, 2025
HomeMalwareHackers Launching GandCrab Ransomware via New Fallout Exploit Kit using Malvertising Campaign

Hackers Launching GandCrab Ransomware via New Fallout Exploit Kit using Malvertising Campaign

Published on

SIEM as a Service

Follow Us on Google News

Cybercriminals now using new Fallout Exploit Kit for launching GandCrab Ransomware via Malvertising Campaign that targets many victims around the world.

This malvertising campaign mainly affected users in  Japan, Korea, the Middle East, Southern Europe, Asia Pacific region and other countries.

Along with this Exploit kit, there are additional domains, regions, and payloads associated with the campaign that helps to successfully deliver the GandCrab ransomware.

- Advertisement - Google News

Attacker carefully picking up the victims to delivering the malicious content to the target users, if the profile matchs then the users redirected from a genuine advertiser page and finally reaching the EK landing page via multiple 302 redirections.

Attackers keep changing the Exploit kit (EK) landing page to evade the IDS detection based on the pattern and other methods.

Other then this, malvertisement either delivers the exploit kit or it tries to reroute the user to other social engineering campaigns based on the browser/OS profiles and user location.

Social Engineering campaigns & Exploit Kit Landing Page

Fake AV prompt for Mac users to download the new file by posted as  a legitimate update by saying “Your Mac might be infected with latest viruses”

An initial stage of landing page contains a  VBScript vulnerability (CVE-2018-8174) code later embedded code will be added for further more reliable payload execution.

Later the next stage of VBScript code will be decoded by keeps the VBScript code as Base64 encoded text in the ‘<span>’ tag where it loads the Jscript code when pages loads.

The decoded VBScript code exploits the CVE-2018-8174 vulnerability and executes shellcode and the shellcode downloads a XOR’d payload at %temp% location, decrypts it, and executes it.

Its initial loading and final payload execution will be done by malware contain using PE loader code.

According to FireEye Researchers, request sequence leads to GandCrab ransomware being fetched and manually loaded into memory by the malware.

In recent years, arrests and distruptions of underground operations have led to exploit kit activity declining heavily. Still, exploit kits pose a significant threat to users who are not running fully patched systems. FireEye Said.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

GNU C(glibc) Vulnerability Let Attackers Execute Arbitrary Code on Millions of Linux Systems

Security researchers have disclosed a significant vulnerability in the GNU C Library (glibc), potentially...

Exploiting dMSA for Advanced Active Directory Persistence

Security researchers have identified new methods for achieving persistence in Active Directory environments by...

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads

A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through...

Printer Company Distributes Malicious Drivers Infected with XRed Malware

Procolored, a printer manufacturing company, has been found distributing software drivers infected with malicious...

Frigidstealer Malware Targets macOS Users to Harvest Login Credentials

An macOS users, a new information-stealing malware dubbed FrigidStealer has emerged as a formidable...