Angler Exploit Kit is “The Most Advanced of Its Time”

There seems to be a new report regarding cyber security every day as of late. A new study indicates the Angler exploit kit remains the preferred choice for hackers, and security experts estimate this trend will continue for quite some time.

Angler Exploit Kit Remains Popular

TheMerkle_Angler Exploit Kit Security

When it comes to using an exploit kit, hackers are on the lookout for the most advanced solution out there. Angler is getting high praise for their advanced tools and always moving IP range. Moreover, the owners of this exploit kit use stolen credit cards to purchase domain names for distributing Angler, making them impossible to track.

This method has been a pain in the neck for hosting providers as well. They have to deal with a  lot of fraudulent purchases and chargebacks, resulting in mounting financial losses. All of the Angler servers are all running on NGINX, although it remains unknown as to why the assailants would prefer that environment.

Moreover, Angler has made it much easier for Internet criminals to spread their malware and ransomware. All it takes is for users to visit a website with one malicious advertisement, and they run the risk of getting infected. In most cases, the victims won’t even see the landing page of the exploit kit itself, as they are usually hidden behind a loading page.

That being said, there have been some incidents where victims saw an exploit kit landing page. The Angler developers have taken a liking to quoting Jane Austen’s book “Sense and Sensibility”. Landing pages containing that type of text would not arouse suspicion, although it is an interesting choice, to say the least.

People who have been paying close attention to cybersecurity incidents may have noticed there was a large Angler campaign not too long ago. A lot of activity was noted for a brief period, after which the storm calmed down once again. It is not unlikely this cycle will repeat itself over time. Last but not least, Angler distribution is usually done through sites hosted in jurisdictions with strong privacy legislation. This lets the assailants hide behind the guidelines which are supposed to protect consumers, rather than cause them harm.

Source: Tweakers (Dutch)

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.