KaiXin Exploit Kit

Posted: May 27, 2019

KaiXin Exploit Kit Description

The KaiXin Exploit Kit (EK) originates from China and is still broadly used despite its relatively old age and the fact that it never gained as much popularity as notable exploit kits such as Nebula and RIG. Pages laced with the KaiXin Exploit Kit contain specially crafted JavaScript code that performs several checks to determine the exact versions of software the victim is likely to use: Microsoft Edge, Java, Adobe Flash and Internet Explorer. These checks allow the KaiXin Exploit Kit to determine which exploit it should try to apply.

The primary targets of the KaiXin Exploit Kit appear to be users running an outdated version of the Java Runtime Environment (JRE). If the user's version is between 17006 and 17011, the EK may use one of the following exploits to gain privileges to drop a corrupted executable file: CVE-2012-4681, CVE-2013-0422 and CVE-2011-3544.

After trying to exploit vulnerable copies of JRE, the landing page may silently load external files that are meant to check for non-Java-related vulnerabilities:

  • RfVvPx.html – Checks for vulnerabilities linked to Adobe Flash.
  • XsSgBz.html – Is only loaded if the visitor runs a combination of Windows 10 and Microsoft Edge. It attempts to use the vulnerabilities CVE-2016-7200 and CVE-2016-7201.
  • OvTiFx.html – Is only loaded on Windows Vista or Windows 7 computers and relies on CVE-2016-0189.
  • HiFyUd.html – Is only loaded on Windows XP computers, and also makes use of CVE-2016-0189.
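
For defenders, the file names and load conditions listed above can be turned into a simple hunt over web proxy logs. The following is an added example, not code from the original write-up or from the kit: the log layout, the function names and the sample lines are assumptions, and the file names are treated as indicators only because the description names them.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Secondary pages, load conditions and CVEs as listed in the write-up above.
KAIXIN_PAGES = {
    "RfVvPx.html": ("Flash checks", [], lambda ua: True),
    "XsSgBz.html": ("Windows 10 + Edge", ["CVE-2016-7200", "CVE-2016-7201"],
                    lambda ua: "Windows NT 10.0" in ua and "Edge/" in ua),
    "OvTiFx.html": ("Windows Vista/7", ["CVE-2016-0189"],
                    lambda ua: "Windows NT 6.0" in ua or "Windows NT 6.1" in ua),
    "HiFyUd.html": ("Windows XP", ["CVE-2016-0189"], lambda ua: "Windows NT 5.1" in ua),
}
# Assumed log layout: timestamp client method url "user-agent"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')

def find_kaixin_requests(lines):
    """One finding per listed page name; platform_match is False if the UA does not fit."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the run
        ts, client, _method, url, ua = m.groups()
        page = posixpath.basename(urlsplit(url).path)
        if page in KAIXIN_PAGES:
            expected, cves, ua_ok = KAIXIN_PAGES[page]
            findings.append({"time": ts, "client": client, "page": page,
                             "expected_platform": expected, "cves": cves,
                             "platform_match": ua_ok(ua)})
    return findings

def patch_priorities(findings):
    """Per client, the CVEs to verify patches for (UA-consistent hits only)."""
    out = {}
    for f in findings:
        if f["platform_match"]:
            out.setdefault(f["client"], set()).update(f["cves"])
    return {c: sorted(v) for c, v in out.items()}

EDGE_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/51.0 Safari/537.36 Edge/14.14393"
SAMPLE_LOG = [  # constructed lines; hosts, addresses, times and UAs are made up
    f'2019-05-20T10:00:02Z 10.0.0.5 GET http://landing.example/XsSgBz.html "{EDGE_UA}"',
    '2019-05-20T10:03:10Z 10.0.0.9 GET http://landing.example/a/HiFyUd.html?x=1 '
    '"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"',
    '2019-05-20T10:05:00Z 10.0.0.7 GET http://landing.example/OvTiFx.html "curl/7.64.0"',
    "truncated line",
]
if __name__ == "__main__":
    print(patch_priorities(find_kaixin_requests(SAMPLE_LOG)))
```

A hit whose User-Agent does not fit the stated load condition (the `curl` request in the sample) is still reported by `find_kaixin_requests` but is left out of the patch list, since it is more likely a scanner or an unrelated file with the same name.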

One of the larger campaigns linked to the use of the KaiXin Exploit Kit dropped a copy of the Gh0st RAT, but it is certain that attackers who use this EK will frequently rely on different malware.

Exploit kits are one of the most popular tools that cybercriminals use to identify potential targets and then drop malware on the targets’ computers. To protect yourself from this infection vector, you should not only make use of reputable anti-virus software but also remember to apply all pending updates to your operating system and the software you use.

