Infected advertisements spread Ransomware through Flash Player vulnerability

SEON Ransomware, Locky ransomware or Cryptominers are infecting computers through an exploit kit that tries to exploit various security holes in the Adobe Flash Player.

According to Jerome Segura of security company Malwarebytes and TrendMicro, there has been a sudden spike in the last month in updated attacks using compromised Revive/OpenX advertising servers on advertising networks.

Attackers would break into advertising networks and attack users with the Greenflash Sundown exploit kit (named by TrendMicro). If the CVE-2018-4878 and CVE-2018-15982 exploits are successful, malware is installed on the infected computer without any interaction from the user.

Users wouldn’t have to do anything except visit the infected website. No other action was required for the exploit kit to infect users through the Adobe Flash Player vulnerability.

The website Onlinevideoconverter[.]com has shown infected advertisements for some time. According to statistics, the website has approximately 200 million views each month, so, as you might expect, many potential victims will have been targeted.

Users who have been redirected to this website or have visited this website with an outdated Adobe Flash Player browser plugin are advised to check their computer for any malware.

Adobe Flash Player users are advised to update Adobe Flash Player. The Adobe Flash Player patch of December 2018 fixes the vulnerability that is exploited by the exploit kit on the malicious advertisements.

Protect the web browser against malicious webpages with Google Suspicious Site Reporter.
