Malwarebytes uncovers malware double header

Java exploit delivers double dose of malware in first of its kind attack.

Malwarebytes security researchers claim to have discovered a new type of Java exploit kit that delivers two pieces of malware in one attack, a move they have dubbed "the split".

The Redkit exploit kit, which exploits Java vulnerabilities, was first detected in the wild in 2012.

Meanwhile, anti-virus vendor McAfee said in January that it was increasing in popularity and prevalence, but Malwarebytes now claims this is the first time it, or any other exploit kit, has been seen delivering two malicious payloads at once.

Jerome Segura, senior security researcher at Malwarebytes, who has detailed in a blog post how the 'split' Redkit exploit kit was discovered, told IT Pro this technique is likely to become more popular.

"Since I started detecting this trick, I am seeing it a lot more within packet captures. For now it is still only part of the Redkit exploit kit, but it is just a matter of time before someone else copies it," Segura said.

Segura also explained that while in theory this type of 'split' exploit kit could contain any number of malware files, there is a limit to how many can be wrapped together before it starts to cause problems for the kit itself.

"We can expect several different malware samples within the payload, but there is a critical mass. Too many samples could start conflicting with one another and also attract attention," he claimed.

While Segura believes it is likely exploit kits will continue primarily to drop the most effective malware currently on the cyber crime market, this bundling of two or more malware samples together may be used by exploit kit operators as a sideline to their main business.

"I wouldn't be surprised to see some custom type of malware, very stealthy and which gets activated later on. That way the exploit kit operator can still make his money in the short term without raising suspicions from his clients, for whom he bundled ransomware, for example, while at the same time taking his share and saving it for later," Segura concluded.
