
KaiXin Exploit Kit

By GoldSparrow in Malware

The KaiXin Exploit Kit is a relatively old exploit kit that is still in use to this day. It is believed to originate from China. Pages hosting the KaiXin Exploit Kit may cover various subjects, and their visitors are unlikely to notice anything out of the ordinary. However, such a page does not deliver only its legitimate content: it also runs the Exploit Kit's JavaScript code in the background to scan for vulnerabilities. The KaiXin Exploit Kit enumerates the software installed on the victim's computer to determine which exploits should be employed. The KaiXin Exploit Kit appears to use exploits for Java, Microsoft Edge, Internet Explorer and Adobe Flash.

The attackers seem to rely mostly on infiltrating the targeted system via the Java Runtime Environment (JRE), specifically an outdated version between 17006 and 17011. Three exploits targeting the JRE have been detected: CVE-2011-3544, CVE-2012-4681 and CVE-2013-0422.

If the KaiXin Exploit Kit does not manage to infiltrate the system via the JRE, it looks for other exploits to apply by loading external files. The KaiXin Exploit Kit uses RfVvPx.html to probe for vulnerabilities in Adobe Flash. Another tool in the KaiXin Exploit Kit's arsenal is XsSgBz.html, which is used when the victim is running Microsoft Edge on Windows 10; this tool is meant to exploit the vulnerabilities CVE-2016-7201 and CVE-2016-7200. If the user is running an older version of Windows, namely Windows 7 or Windows Vista, the KaiXin Exploit Kit employs OvTiFx.html, which is designed to exploit the CVE-2016-0189 vulnerability. If the victim is running the even older Windows XP, the KaiXin Exploit Kit attempts to infiltrate it via the known CVE-2016-0189 vulnerability.
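The write-up's mapping of kit components to target platforms can be turned into a simple proxy-log check. The following is an added example, not code from the original page: it assumes a constructed log format (client, method, URL, user-agent) with constructed sample lines, and uses only the file names and CVEs named above.

```python
import re

# Component file names and CVEs as given in the write-up above.
KAIXIN_COMPONENTS = {
    "RfVvPx.html": ("Adobe Flash", []),
    "XsSgBz.html": ("Microsoft Edge / Windows 10", ["CVE-2016-7201", "CVE-2016-7200"]),
    "OvTiFx.html": ("Windows 7 / Vista", ["CVE-2016-0189"]),
}
JRE_CVES = ["CVE-2011-3544", "CVE-2012-4681", "CVE-2013-0422"]

# Constructed sample proxy log lines (assumed format: client method url "user-agent").
SAMPLE_LOG = """\
10.0.0.5 GET http://example.test/news/index.html "Mozilla/5.0 (Windows NT 10.0) Edge/14.14393"
10.0.0.5 GET http://example.test/news/XsSgBz.html "Mozilla/5.0 (Windows NT 10.0) Edge/14.14393"
10.0.0.7 GET http://example.test/blog/OvTiFx.html "Mozilla/5.0 (Windows NT 6.1; Trident/7.0)"
10.0.0.9 GET http://example.test/app.jar "Java/1.7.0_07"
10.0.0.9 GET http://example.test/static/logo.png "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)"$')

def parse_line(line):
    """Split one assumed-format log line into (client, method, url, user_agent)."""
    m = LINE_RE.match(line)
    return m.groups() if m else None

def scan_log(text):
    """Return a list of (client, reason) alerts for KaiXin-related activity."""
    alerts = []
    for line in text.splitlines():
        parsed = parse_line(line.strip())
        if not parsed:
            continue
        client, _, url, ua = parsed
        name = url.rsplit("/", 1)[-1]
        if name in KAIXIN_COMPONENTS:
            target, cves = KAIXIN_COMPONENTS[name]
            alerts.append((client, f"KaiXin component {name} ({target}; {', '.join(cves) or 'n/a'})"))
        elif ua.startswith("Java/"):
            # A Java client fetching content directly is the path the JRE exploits use;
            # the user-agent value here is a constructed assumption, not from the page.
            alerts.append((client, f"JRE client {ua} fetched {name}; review against {', '.join(JRE_CVES)}"))
    return alerts

if __name__ == "__main__":
    for client, reason in scan_log(SAMPLE_LOG):
        print(client, reason)
```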

The Chinese hackers behind the KaiXin Exploit Kit have used their tool to drop Gh0st RAT, but it is likely that they spread different malware in different campaigns.

Users worldwide need to understand how crucial it is to keep all their software up to date, because ill-minded actors like the ones responsible for the KaiXin Exploit Kit are constantly looking for new vulnerabilities in outdated software. Furthermore, it is crucial to download and install a trustworthy anti-spyware tool and keep it up to date.
