New Exploit Kit Spelevo Carries Bag of Old Tricks

[silversurfer]

A new exploit kit that researchers named Spelevo has emerged recently targeting a certain category of victims and infect their computer systems with two banking trojans.
 
To achieve their goal, exploit kits (EKs) use a traffic direct system (TDS) or gate that points the connection to a landing page where the potential victim device is analyzed for vulnerable applications. Candidates are then directed to the adequate exploit.
 
The latest exploits preferred by these browser-based threats are Internet Explorer’s CVE-2018-8174, and Flash’s CVE-2018-15982 and CVE-2018-4878, as noted by Malwarebytes most recent in their most recent seasonal EK report.
 
Discovered by security researcher Kafeine back in early March, Spelevo uses a business-to-business (B2B) website to drop infamous banking trojans IceD and Dridex, according to an analysis from Cisco Talos today.

SOURCE: https://www.bleepingcomputer.com/news/se...ld-tricks/