8-Year-Old GrandSoft Exploit Kit Back in Action

Attack Type: Exploit Kit

Commentary: An attack campaign given the name “Slots” began using the nearly forgotten GrandSoft Exploit Kit (EK). Like most EKs, GrandSoft profiles the victim’s browser environment, serves an exploit to take over that environment, and ultimately delivers some form of malware. GrandSoft EK uses only CVE-2016-0189, which is frequently used in other EKs and is not particularly innovative. However, GrandSoft also encrypts stages of its exploit with RC4, a technique that hasn’t been actively used in recent EKs. The malware delivered, or dropped, by GrandSoft EK has ranged from cryptocurrency miners for Leviarcoin to GandCrab ransomware and RATs.

Delivery: Malvertising or compromised websites