
Angler Exploit Kit

Posted: March 6, 2014

Threat Metric

Threat Level: 9/10
Infected PCs: 14
First Seen: March 10, 2014
Last Seen: December 18, 2020
OS(es) Affected: Windows

The Angler Exploit Kit is a Web-based threat that installs threatening software onto your computer after exposure to the EK's host Web page. Some of the latest Angler Exploit Kit attacks have used compromised advertisement networks on software piracy websites, but the Angler Exploit Kit may also be inserted into other types of Web pages. Anti-malware protection and strong security settings for your browser should be sufficient for blocking the Angler Exploit Kit's attacks, and similar anti-malware tools should be used to automatically delete any software installed via its exploits.

The Angler Exploit Kit: Catching New PCs Hook, Line and Sinker

Exploit kits are one of threat authors' favorite methods of installing high-level threats, such as banking Trojans, backdoor Trojans and rootkits, all without any symptoms to alert the victims using the infected PC. Since an exploit kit like the Angler Exploit Kit is often 'rented' out to third parties for personal campaigns, even the threats installed by a single exploit kit may differ drastically between attacks. Payloads that malware researchers have seen delivered through the Angler Exploit Kit include:

  • The Critoni Ransomware, a group of Trojans that encrypt files on your PC, and then ransom you for the decryption process.
  • Poweliks, a spyware threat that stores itself in-memory without installing any visible files to your hard drive.
  • ZeroAccess, a rootkit often used to conduct Bitcoin-mining attacks (among its other functions) that may cause permanent harm to your hardware.

The Angler Exploit Kit launches automatically whenever an unprotected Web browser loads its content, which was recently distributed through a Pirate Bay advertising network. The Angler Exploit Kit automatically detects Flash, Java or Adobe Reader vulnerabilities in the browser and then uses them to install its payload onto your system.

Disentangling Your System from an Angler Exploit Kit's Payload

The vulnerabilities used by the Angler Exploit Kit and other EKs are often updated over time. Potential victims must, in turn, keep their personal software and security solutions updated; this is especially true for users of any Web-browsing software with Java or Flash capabilities. Blocking scripts and suspicious advertisement networks can also give your browser some level of protection from common sources of contact with the Angler Exploit Kit's attacks. Malware experts also note that live anti-malware protection could block the threat installation before it can occur.

Even with all these solutions available, the Angler Exploit Kit and other EKs are anticipated to remain responsible for significant threat distribution for the foreseeable future. Sites like thepiratebay.se, while not necessarily illegal to visit, do continue to be common sources of unintended exposure to the Angler Exploit Kit and other threats that thrive on advertisement networks with poor security.
