A bot in the website of the International Council of Women (ICW) has been compromised by attackers using the Nuclear Exploit Kit—infecting users with the Kelihos bot.
According to Zscaler, the EK was heavily obfuscated to evade detection by security software.
Researchers found that the malware was communicating with remote servers to exchange information used to execute various tasks—including sending spam email, capturing sensitive information or downloading and executing malicious files. Kelihos was also trying to steal login credentials and digital currency—including Bitcoin—by monitoring network traffic of the victim's machine. It was also trying to gather stored information such as usernames, passwords and host names from various Internet browsers—including Google Chrome and ChromePlus.