After the Nuclear and Angler exploit kits (EKs) went down, overall activity generated from exploit kits has dropped to only a fraction of what used to be.
Bad guys, however, don’t necessarily think that way as they want to take advantage of this gap with new threats, including the “Terror” exploit kit.
Unlike other toolkits, Terror stands out because its developer appears to be doing everything on his or her own. The developer has been actively updating the threat over the past several weeks, and is using the exploit kit to drop a cryptocurrency miner to the compromised machines, which is effective enough for a one-man operation, Trustwave security researchers said in a blog post.
The new Terror EK is using eight different operational exploits, including CVE-2014-6332 and CVE-2016-0189 for Internet Explorer, CVE-2015-5119 and CVE-2015-5122 for Adobe Flash, CVE-2013-1670/CVE-2013-1710, CVE-2014-1510/CVE-2014-1511, CVE-2014-8636, and CVE-2015-4495 for Firefox.
The researchers also found the toolkit’s exploits are a combination of metasploit exploits and those borrowed from either Sundown or Hunter EKs.