Actively Developed Capesand Exploit Kit Emerges in Attacks

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,111
A newly discovered exploit kit (EK) is being employed in live attacks despite the fact that it’s still in an unfinished state, Trend Micro’s security researchers reveal.
Dubbed Capesand, the toolkit was discovered in October 2019, when a malvertising campaign employing the RIG EK to drop DarkRAT and njRAT switched to using it for delivery instead.
The new threat attempts to exploit recent vulnerabilities in Adobe Flash and Microsoft Internet Explorer (IE), but also targets a 2015 vulnerability in the browser.
Capesand’s authors, the security researchers say, appear to be reusing source code from a publicly shared exploit kit code. In fact, almost all of the toolkit’s functions — this includes exploits, obfuscation, and packing techniques — reuse open-source code.
The malicious advertisements were delivered from the ad network straight to the victim’s browser, posing as a blog discussing blockchain. The page had been copied using the HTTrack website copying tool and contains a hidden iframe to load the exploit kit.
Analysis of the Capesand panel has revealed that it allows threat actors to check the status of exploit kit usage and download frontend source code to deploy on their servers. Code similarities suggest the new threat is derived from the old Demon Hunter EK.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top