KaiXin Exploit Kit Description
The attackers appear to rely mostly on infiltrating the targeted system through the Java Runtime Environment (JRE), specifically an outdated version between 17006 and 17011. Three exploits targeting the JRE have been detected: CVE-2011-3544, CVE-2012-4681 and CVE-2013-0422.
If the KaiXin Exploit Kit does not manage to infiltrate the system via the JRE, it looks for other exploits to apply by loading external files. The KaiXin Exploit Kit uses RfVvPx.html to probe for vulnerabilities in Adobe Flash. Another tool in the KaiXin Exploit Kit's arsenal is XsSgBz.html, which is used when the victim is running Microsoft Edge on Windows 10; this page is meant to exploit the vulnerabilities CVE-2016-7201 and CVE-2016-7200. If the user is running an older version of Windows, namely Windows 7 or Windows Vista, the KaiXin Exploit Kit employs OvTiFx.html, which is designed to exploit the CVE-2016-0189 vulnerability. If the victim is running the even older Windows XP, the KaiXin Exploit Kit attempts to infiltrate it via the known CVE-2016-0189 vulnerability.
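Because the kit fingerprints the victim and then fetches one of a small set of named landing pages, those file names are a practical detection hook for a defender reviewing web proxy logs. The following script is an added example, not code from the original page or from the kit's authors: it parses a constructed proxy log (the log layout, host name and client addresses are assumptions made for the example), flags any request whose URL path ends in one of the landing-page names quoted above, and tallies hits per client so an analyst can see which hosts touched the kit's infrastructure.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Landing-page file names attributed to the KaiXin Exploit Kit in the description above,
# mapped to what the description says each page is for.
KAIXIN_LANDING_PAGES = {
    "RfVvPx.html": "Adobe Flash exploit page",
    "XsSgBz.html": "Microsoft Edge / Windows 10 exploit page (CVE-2016-7200, CVE-2016-7201)",
    "OvTiFx.html": "Windows 7 / Vista exploit page (CVE-2016-0189)",
}

# Constructed sample proxy log. Assumed layout (not any real proxy's format):
#   <timestamp> <client-ip> <method> <url> <status> "<user-agent>"
# The host "example.invalid" and the client addresses are placeholders.
SAMPLE_PROXY_LOG = """\
2017-03-01T10:00:01Z 10.0.0.12 GET http://example.invalid/index.html 200 "Mozilla/5.0 (Windows NT 6.1)"
2017-03-01T10:00:02Z 10.0.0.12 GET http://example.invalid/RfVvPx.html 200 "Mozilla/5.0 (Windows NT 6.1)"
2017-03-01T10:00:03Z 10.0.0.25 GET http://example.invalid/XsSgBz.html 200 "Mozilla/5.0 (Windows NT 10.0) Edge/14.14393"
2017-03-01T10:00:04Z 10.0.0.31 GET http://example.invalid/about.html 200 "Mozilla/5.0 (Windows NT 10.0)"
2017-03-01T10:00:05Z 10.0.0.12 GET http://example.invalid/OvTiFx.html?x=1 404 "Mozilla/5.0 (Windows NT 6.1)"
this line is malformed and must be skipped
"""

LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match the layout."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def landing_page_name(url):
    """Extract the final path component of a URL, ignoring any query string."""
    path = urlsplit(url).path
    return path.rsplit("/", 1)[-1]


def find_kaixin_hits(log_text):
    """Scan log text and return one record per request for a known KaiXin landing page.

    The HTTP status is kept in the record: a 404 still shows that the client was
    steered toward the kit, even if that particular page was not served.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line; skip rather than crash mid-scan
        name = landing_page_name(rec["url"])
        if name in KAIXIN_LANDING_PAGES:
            hits.append({
                "timestamp": rec["ts"],
                "client": rec["client"],
                "url": rec["url"],
                "status": int(rec["status"]),
                "user_agent": rec["ua"],
                "page": name,
                "description": KAIXIN_LANDING_PAGES[name],
            })
    return hits


def clients_by_hits(hits):
    """Count flagged requests per client address so the noisiest hosts surface first."""
    return Counter(h["client"] for h in hits)


if __name__ == "__main__":
    found = find_kaixin_hits(SAMPLE_PROXY_LOG)
    for h in found:
        print(f'{h["timestamp"]} {h["client"]} -> {h["page"]} [{h["status"]}] {h["description"]}')
    print("Hits per client:", dict(clients_by_hits(found)))
```

Matching on the file name alone is deliberately narrow: the kit could rename its pages at any time, so a hit is a strong indicator while a miss proves nothing. Pairing these hits with the user-agent field (which reveals the Java, Flash or Edge version the kit was targeting) tells the responder which of the CVEs listed above the client was likely exposed to.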
The Chinese hackers behind the KaiXin Exploit Kit have used their tool to drop Gh0st RAT, but it is likely that they spread different malware in different campaigns.
Users worldwide need to understand how crucial it is to keep all their software up to date, because ill-minded actors like the ones responsible for the KaiXin Exploit Kit are constantly looking for new vulnerabilities in outdated software. Furthermore, it is crucial to download and install a trustworthy anti-spyware tool and keep it up to date.