New Fallout EK Brings Return of Old Ransomware

The Fallout exploit kit carries GandCrab into the Middle East in a new campaign.

Theres a new malware carrier in town, and its bringing an old piece of ransomware with it in an initial campaign, though researchers warn that theres no reason that the new exploit kit (which was named Fallout by the researchers who found it) could not deliver multiple malware packages.
The Japanese security researchers, nao_sec, found the initial instance of the software they dubbed the Fallout Exploit Kit because of its similarity to the previously known Nuclear Pack Exploit Kit. The exploit kit, which
nao-sec says
uses
CVE-2018-4878
and
CVE-2018-8174
, using first VBScript, then Flash vulnerabilities to infect the victim.
At the initial discovery of the kit in Japan, Smoke Loader was the malware downloader installed by Fallout. A post by
researchers at FireEye
says that their team also found Fallout, this time in the Middle East, where it was being used to infect systems with GandCrab ransomware. According to the FireEye researchers, Fallout fingerprints the user browser profile, searching for users in particular regions. If the victim machine is not in a targeted area, the user is redirected to a simple bad advertising site. If the user is in a region of interest, then the system is sent to a site where the process of downloading malware continues.
Code analysis shows much of the malware loader coming in code buried in tags on the website pointed to by the kit. Depending on the system hit by the malicious software, the result can be ransomware (in the case of Windows systems) or PUPs (potentially unwanted programs) in the case of Mac systems. These PUPs, while not officially classed as malware, can consist of programs such as adware, unwanted browser helpers, or toolbar add-ons for browsers.
As with many malware packages, Fallout exploits vulnerabilities that have been patched in up-to-date software. According to the FireEye researchers, this is a partial explanation for the geographical targeting of the campaign because Asia, Africa, and the Middle East are areas in which systems are statistically more likely to be behind on updates and patches.
As protection against this new malware, administrators are urged to keep systems fully patched and up to date, and to stress proper online behavior to employees and system users.
Related Content:
GandCrab Ransomware Goes Agile
Gandcrab Ransomware Exploits Website Vulnerabilities
Lean, Mean & Agile Hacking Machine
7 Variants (So Far) of Mirai

Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the
conference
and
to register.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
New Fallout EK Brings Return of Old Ransomware