The Magnitude exploit kit is 1 of the longest-serving browser exploitation toolkits with those yet inward use. After its inception inward 2013, it enjoyed worldwide distribution with a liking for ransomware. Eventually, it became a someone functioning that had a narrow geographic focus.
During 2017, Magnitude delivered Cerber ransomware via a filtering gate known every bit Magnigate, solely to a direct few Asian countries. In Oct 2017, the exploit kit operator began to distribute its ain breed of ransomware, Magniber. That alter came with an interesting twist—the malware authors went to non bad lengths to bound infections to South Korea. In improver to traffic filtering via country-specific malvertising chains, Magniber would solely install if a specific province code was returned, otherwise, it would delete itself.
In Apr 2018, the exploit kit unexpectedly started pushing the ever-growing GandCrab ransomware, presently after having adopted a fresh Flash zero-day (CVE-2018-4878) inward what researchers believe may convey been a brief bear witness crusade earlier Magniber was launched again. In recent captures of Magnitude, it is seen the latest Internet Explorer exploit (CVE-2018-8174) is beingness used primarily, which it integrated after a week-long traffic interruption.
“In early on July, nosotros noted exploit attempts happening exterior of the typical expanse nosotros had perish used to, for instance inward Malaysia,” researchers said inward the blog. “At most the same time, a tweet from MalwareHunterTeam mentioned infections inward Taiwan together with Hong Kong.”
The ransomware carries out its functioning with surgical precision, said, researchers. "Criminals know just which countries they desire to target, together with they set their efforts to minimize dissonance together with cut collateral damage," wrote researchers at Malwarebytes, adding that its source code is directly to a greater extent than refined.
