Heimdall Security has discovered that a large malware campaign utilizing the Angler Exploit Kit is underway, and that part of its payload is CryptoWall 4.0. This campaign uses compromised websites to serve the Angler exploit kit to unwitting visitors. Once Angler loads, it attempts to exploit vulnerabilities on the visitor's computer, and if successful, uses them to download and install malware.


Heimdall states that this particular campaign will drop two different malware executables onto the victim's computer in order to get the most benefit from the attack. The first malware dropped is the Pony password-stealing Trojan that will attempt to steal Bitcoin wallets as well as passwords for saved sites in web browsers and other applications. The exploit kit will then deliver the CryptoWall 4.0 infection, which will begin to encrypt your data files. So basically they screw you by trying to steal your money and then ransoming your encrypted files for even more money.

According to Heimdall this campaign is extensive and "originates from a bulletproof hosting environment located in Ukraine". They have found that more than 100 of the hacked websites are located in Denmark, but that this attack is not limited to Europe. They further state that in the past 24 hours they have blocked over 200 domains that are affiliated with this campaign.

In order to mitigate the risks of being affected by this campaign, all users should immediately check that they are running the latest versions of Java, Flash, and Reader, and that all Windows security updates are installed. Upgrading to the latest versions of these programs eliminates the security vulnerabilities that Angler utilizes to install malware on its victims.
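The check above is easier to act on with an inventory in hand. The following PowerShell script is an added example, not code from Heimdall or from the article: it reads the standard per-machine uninstall registry keys to report which Java, Flash and Adobe Reader/Acrobat versions are present, then asks the Windows Update Agent COM API for updates that are not yet installed. The product-name patterns and the output shape are assumptions of the example; run it from an elevated prompt.

```powershell
# Added example (not from the article or from Heimdall Security).
# 1) Inventory the plugins Angler commonly targets, from the uninstall keys.
# 2) List Windows updates that are still pending, via the Windows Update Agent.

# Assumed name patterns; adjust to match the products present in your estate.
$patterns = 'Java', 'Adobe Flash Player', 'Adobe Reader', 'Adobe Acrobat'

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        $entry = $_
        foreach ($p in $patterns) {
            if ($entry.DisplayName -like "*$p*") {
                [pscustomobject]@{
                    Product     = $entry.DisplayName
                    Version     = $entry.DisplayVersion
                    InstallDate = $entry.InstallDate
                }
                break
            }
        }
    }

Write-Host '== Installed versions of Angler-targeted software =='
if ($installed) {
    $installed | Sort-Object Product | Format-Table -AutoSize
} else {
    Write-Host 'None of the listed products are registered on this machine.'
}

# Pending updates: "IsInstalled=0" is the WUA search criterion for updates
# offered to this machine but not yet applied.
Write-Host '== Windows updates not yet installed =='
try {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software'")

    if ($result.Updates.Count -eq 0) {
        Write-Host 'No pending software updates reported.'
    } else {
        $result.Updates | ForEach-Object {
            [pscustomobject]@{
                Title    = $_.Title
                Severity = $_.MsrcSeverity   # empty for non-security updates
            }
        } | Sort-Object Severity -Descending | Format-Table -AutoSize
    }
} catch {
    Write-Warning "Windows Update Agent query failed: $($_.Exception.Message)"
}
```

The script reports what is installed and what is pending; deciding whether a listed Java, Flash or Reader build is current still requires comparing it against the vendor's latest release, since the registry only records the version that was installed. Adding such a comparison, or feeding the output into a central inventory, is the natural next step for an environment with many endpoints.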
