Exploit Kits are continuously evolving. As one disappears, another may rise. One Exploit Kit (EK), Nebula, was recently discovered and reported by cyber researcher Kafeine.
Kafeine found that it follows a previously known EK, Sundown, with slight deviations. According to Kafeine, the one difference between the two Exploit Kits is Nebula’s internal TDS. (A TDS is a gate that is used to redirect visitors to various content.)
This EK, similar to its predecessor, is capable of:
Malware-Traffic-Analysis reported that DiamondFox malware is being distributed by Nebula. DiamondFox malware is capable of information disclosure (specifically credentials and financial information) and is known for attacks on point-of-sale systems.
ThreatSTOP IP Firewall Service and DNS Firewall Service protect against Nebula EK’s latest campaign and recent activity from DiamondFox malware, if TSCritical targets in policies are enabled.