Unpatched Joomla possible entry point for Angler, Cryptxxx combo
Popular die-cast car manufacturer Maisto has been slinging the deadly Angler exploit kit which in turn installs the Cryptxxx ransomware on victim machines.
The site appears to have been compromised through an outdated Joomla content management system in what is likely the pseudo-darkleech campaign reported by Sucuri. Malwarebytes researcher Jerome Segura says the attackers have moved from targeting Apache servers to Microsoft IIS servers.
“Malicious code was injected directly into the homepage and bears the same pattern as the pseudo-darkleech campaign,” Segura says, before advising “… users should ensure that their computers are fully up-to-date and remove unnecessary or risky plugins such as Flash or Silverlight.”
The company has killed the infection and the site is now offline following Segura’s disclosure.
It is unknown how many users are affected.
Kaspersky offers a tool to decrypt the ransomware for free after the researchers found exploitable vulnerabilities.
The Angler exploit kit is one of the most dangerous and capable in the world, but rival offerings have been used widely of late.
Segura reported last month that more than 400 malicious advertisements were shipped through pwned ad network AdsTerra in two weeks.
Those ads dropped the hugely successful Magnitude exploit kit. ®