There has been an increase in the number of compromised websites that distribute malware via the Red Kit exploit kit.
Attackers utilized two mechanisms to infect websites such as whitesteeple[dot]com, oute66marathon[dot]com and neptunebenson[dot]com, said researchers at Zscaler.
One of the methods involves injecting a standard iframe that takes visitors through multiple redirections to a Red Kit landing page. The second method uses SEO techniques to perform HTTP 302 redirections to the malicious landing page.
The exploit kit leverages a Java sandbox bypass vulnerability to push a malicious file that is designed to stop running if it detects a virtual machine or debugging environment.
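One way a defender could hunt for the pattern described above, a page visit that passes through HTTP 302 redirections on several hosts and ends in a Java archive download, is to rebuild request chains from web proxy logs. This is an added example, not code from the article or from Zscaler; the record fields, the `.example` hostnames and the `min_hosts` threshold are assumptions, and the log rows are constructed.

```python
from urllib.parse import urlsplit

JAVA_TYPES = {"application/java-archive", "application/x-java-archive"}
FIELDS = ("url", "referer", "status", "location", "content_type")

# Constructed proxy records in time order; hosts are placeholders, not indicators.
ROWS = [
    ("http://site.example/", "", 200, "", "text/html"),
    ("http://hop1.example/in.php", "http://site.example/", 302, "http://hop2.example/go", "text/html"),
    ("http://hop2.example/go", "http://site.example/", 302, "http://landing.example/a.html", "text/html"),
    ("http://landing.example/a.html", "http://site.example/", 200, "", "text/html"),
    ("http://landing.example/x.jar", "http://landing.example/a.html", 200, "", "application/java-archive"),
    ("http://intranet.example/", "", 200, "", "text/html"),
    ("http://intranet.example/tool.jar", "http://intranet.example/", 200, "", "application/java-archive"),
]
SAMPLE_LOG = [dict(zip(FIELDS, row)) for row in ROWS]

def trace_chain(records, index):
    """Walk back from records[index] to the first request of that visit."""
    chain = [index]
    while True:
        cur, earlier = records[chain[0]], range(chain[0] - 1, -1, -1)
        # A 302 whose Location is this URL is the direct parent; else fall back to Referer.
        parent = next((i for i in earlier if records[i]["status"] == 302
                       and records[i]["location"] == cur["url"]), None)
        if parent is None and cur["referer"]:
            parent = next((i for i in earlier if records[i]["url"] == cur["referer"]), None)
        if parent is None:
            return [records[i] for i in chain]
        chain.insert(0, parent)

def find_suspicious(records, min_hosts=3):
    """Flag Java archive downloads reached through redirects across several hosts."""
    alerts = []
    for i, rec in enumerate(records):
        if rec["content_type"] not in JAVA_TYPES:
            continue
        chain = trace_chain(records, i)
        hosts = list(dict.fromkeys(urlsplit(r["url"]).hostname for r in chain))
        redirects = sum(r["status"] == 302 for r in chain)
        if redirects >= 1 and len(hosts) >= min_hosts:
            alerts.append({"entry": chain[0]["url"], "jar": rec["url"],
                           "hosts": hosts, "redirects": redirects})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(alert)
```

The `entry` field of each alert names the first page of the visit, which is the site to inspect for an injected iframe or a redirect rule.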
Once it’s executed, the malware, which is a keylogger Trojan, steals sensitive information from the infected system and sends it back to a remote server.
The researchers said right now only three antivirus solutions are capable of identifying the threat.