KaiXin Exploit Kit
The KaiXin Exploit Kit (EK) originates from China and is still being broadly used despite its relatively old age, and the fact that it never gained as much popularity as notable exploit kits such as Nebula and RIG. The pages laced with the KaiXin Exploit Kit contain specially crafted JavaScript code that performs several checks to acquire the exact versions of several types of software that the victim is likely to use – Microsoft Edge, Java, Adobe Flash and Internet Explorer. The checks are meant to assist the KaiXin Exploit Kit by allowing it to determine which exploit it should try to apply.
The primary targets of the KaiXin Exploit Kit appear to be users running an outdated version of the Java Runtime Environment (JRE) – if the user’s version is between 17006 and 17011, the EK may use one of the following exploits to gain privileges to drop a corrupted executable file – CVE-2012-4681, CVE-2013-0422 and CVE-2011-3544.
After trying to exploit vulnerable copies of JRE, the landing page may load external files that are meant to check for non-JAVA related vulnerabilities silently:
- RfVvPx.html – Checks for vulnerabilities linked to Adobe Flash.
- XsSgBz.html – Is only loaded if the visitor runs a combination of Windows 10 and Microsoft Edge. It attempts to use the vulnerabilities CVE-2016-7200 and CVE-2016-7201
- OvTiFx.html – Is only loaded on Windows Vista or Windows 7 computers and relies on CVE-2016-0189.
- HiFyUd.html – Is only loaded on Windows XP computers, and also makes use of CVE-2016-0189.
One of the larger campaigns linked to the use of the KaiXin Exploit Kit dropped a copy of the Gh0st RAT, but it is certain that attackers who use this EK will rely on different malware frequently.
Exploit kits are one of the most popular tools that cybercriminals use to identify potential targets and then drop malware on the targets’ computers. To protect yourself from this infection vector, you should not only make use of reputable anti-virus software but also remember to apply all pending updates to your operating system and the software you use.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.