KaiXin Exploit Kit Description
The primary targets of the KaiXin Exploit Kit appear to be users running an outdated version of the Java Runtime Environment (JRE). If the user's version is between 17006 and 17011, the EK may use one of the following exploits to gain the privileges needed to drop a corrupted executable file: CVE-2012-4681, CVE-2013-0422 and CVE-2011-3544.
After trying to exploit vulnerable copies of JRE, the landing page may silently load external files that check for vulnerabilities unrelated to Java:
- RfVvPx.html – Checks for vulnerabilities linked to Adobe Flash.
- XsSgBz.html – Is only loaded if the visitor runs a combination of Windows 10 and Microsoft Edge. It attempts to use the vulnerabilities CVE-2016-7200 and CVE-2016-7201.
- OvTiFx.html – Is only loaded on Windows Vista or Windows 7 computers and relies on CVE-2016-0189.
- HiFyUd.html – Is only loaded on Windows XP computers, and also makes use of CVE-2016-0189.
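One way to triage web-proxy logs against the secondary pages listed above, as an added example that is not part of the original description. The log layout, the sample lines, the hosts and addresses, and the idea of treating the four file names as stable indicators are all assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Secondary pages named in the description, with the exploits and platform
# condition given for each. Using the names as indicators is an assumption.
PAGES = {
    "RfVvPx.html": ("Adobe Flash checks", None),
    "XsSgBz.html": ("CVE-2016-7200, CVE-2016-7201",
                    lambda ua: "Windows NT 10.0" in ua and "Edge/" in ua),
    "OvTiFx.html": ("CVE-2016-0189",
                    lambda ua: "Windows NT 6.0" in ua or "Windows NT 6.1" in ua),
    "HiFyUd.html": ("CVE-2016-0189", lambda ua: "Windows NT 5.1" in ua),
}

# Assumed log layout: timestamp client "GET url" "user-agent"
LINE = re.compile(r'^(\S+) (\S+) "GET (\S+)" "([^"]*)"$')

# Constructed sample log; hosts and addresses are placeholders.
SAMPLE_LOG = """\
2017-01-10T09:14:02Z 10.0.0.5 "GET http://landing.example/a/XsSgBz.html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393"
2017-01-10T09:15:40Z 10.0.0.9 "GET http://intranet.example/index.html" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
2017-01-10T09:16:11Z 10.0.0.9 "GET http://landing.example/a/OvTiFx.html?x=1" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
2017-01-10T09:20:30Z 10.0.0.7 "GET http://landing.example/a/HiFyUd.html" "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/50.0"
"""

def triage(log_text):
    """Return one finding per request for a listed secondary page."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, client, url, ua = m.groups()
        page = urlsplit(url).path.rsplit("/", 1)[-1]  # file name, query dropped
        if page not in PAGES:
            continue
        exploits, gate = PAGES[page]
        findings.append({
            "time": ts, "client": client, "page": page,
            "verify_patches_for": exploits,
            # False: the User-Agent does not fit the platform this page is
            # said to be served to; review as a spoofed UA or a crawler.
            "ua_matches_gate": True if gate is None else gate(ua),
        })
    return findings
```

Each finding names the client to check and the patches to verify on it; running `triage(SAMPLE_LOG)` returns three findings, the last with `ua_matches_gate` set to `False`.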
One of the larger campaigns linked to the KaiXin Exploit Kit dropped a copy of the Gh0st RAT, but attackers who use this EK are certain to rely on different malware frequently.
Exploit kits are one of the most popular tools that cybercriminals use to identify potential targets and then drop malware on the targets’ computers. To protect yourself from this infection vector, you should not only make use of reputable anti-virus software but also remember to apply all pending updates to your operating system and the software you use.