Threat Database Malware Cool Exploit Kit

Cool Exploit Kit

By ZulaZuza in Malware

Threat Scorecard

Threat Level: 10 % (Normal)
Infected Computers: 4
First Seen: January 7, 2013
Last Seen: March 9, 2023
OS(es) Affected: Windows

The Cool Exploit Kit is a variant of the infamous Black Hole Exploit Kit, one of the most commonly used hacking tools criminals use today. Criminals can rent the Cool Exploit Kit for ten thousand dollars per month (about eight thousand Euros), which gives insight into the bulky amount of money connected to the illicit business of creating and distributing malware. The Cool Exploit Kit in particular has been linked particularly to ransomware Trojan infections. The Cool Exploit Kit incorporates zero-day exploits specifically used in this malware infection.

What Makes the Cool Exploit Kit Different from Other Exploit Kits

According to the authors of the Cool Exploit Kit, this dangerous hacking tool incorporates browser and browser plug-in vulnerabilities that allow criminals to compromise their victims' computers. What is most worrying about this announcement is that the team responsible for the Cool Exploit Kit has the intention of constantly buying and researching new exploits to incorporate into the Cool Exploit Kit, a strategy of development that is not present in other mainstream malware infections. Apart from purchasing new exploits for the Cool Exploit Kit, the authors of this malware threat have indicated that they plan in setting aside certain browser and browser plug-in exploits to be used for their own scams.

How Criminals Have Used the Cool Exploit Kit to Generate Impressive Illicit Profits

It is still not certain how many criminal groups are using the Cool Exploit Kit for their attacks. Two criminal gangs utilizing Cool Exploit Kit have been identified without a doubt, both using the Cool Exploit Kit to distribute variants of the infamous Reveton ransomware Trojan (a common police ransomware Trojan used to make computer users believe that their computer has been blocked by their country's police force). ESG malware analysts suspect that these groups are generating nearly half a million dollars per month with schemes involving the Cool Exploit Kit, meaning that the hefty price tag to rent this exploit kit would be well within their means. Connections have been obvious between Cool Exploit Kit and BlackHole for some time. The connection was confirmed when the authors of the BlackHole Exploit Kit indicated that they were also connected with the development of the Cool Exploit Kit, which integrates many of the same exploits.


Cool Exploit Kit may call the following URLs:


Most Viewed