Security researchers have spotted two different online schemes that lead to pages hosting the FlashPack exploit kit.
Malwarebytes’ Jerome Segura doesn’t say how the users are lured or redirected to the compromised site.
The second scheme is centered around a specific add-on that adds social media sharing buttons to websites.
“This alone should raise red flags: it means that the site owner is loading scripts from an external server not under their control,” pointed out Joseph Chen, a fraud researcher with Trend Micro.
“It’s one thing if it loads scripts on trusted sites like Google, Facebook, or other well-known names; it’s another thing to load scripts on little-known servers with no name to protect.”
And, as it turns out, this particular script is malicious. “On certain sites, instead of the original add-on script, the user is redirected to the script of FlashPack,” Chen notes, adding that one of these sites is a free blogging site popular in Japan.
As before, the exploit kit serves Flash exploits which, if successful, download the Carberp trojan on the victim’s computer.
According to Trend Micro, some 66,000 users – mostly in Japan – have been successfully targeted with this last scheme.
Among the vulnerabilities exploited by the kit is the CVE-2014-0497 Flash vulnerability that has been patched earlier this year. Unfortunately, a lot of people aren’t good at keeping their software updated.