The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability, CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry...
Avast discovered that an exploit for CVE-2021-38003 was used in the wild to attack Dota 2 players. This exploit achieved remote code execution on other players' machines by taking advantage of Dota's usage of an outdated V8 version. In response to Avast's findings, Valve patched the vulnerability on...
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process...
In October 2021, we discovered that the Magnitude exploit kit was testing out a Chromium exploit chain in the wild. About a month later, we found that the Underminer exploit kit followed suit and developed an exploit for the same Chromium vulnerability. In this blog post, we are taking a closer...
Router exploit kits are becoming more and more popular among cybercriminals, mostly targeting routers in Brazil, because many Brazilian routers are poorly secured with default and well-known login credentials. Router exploit kits are usually distributed via malvertising webpages, and these...
Router exploit kits are very popular in Brazil, and in late November we noticed a spike in the number of URLs blocked by Avast’s Web Shield. Taking a closer look, two landing pages, targeting Brazilians, hosting the GhostDNS router exploit kit used to carry out cross-site request forgery (CSRF)...
Router exploit kits are nothing new in Brazil; a router exploit kit named GhostDNS was discovered by Netlab360 in the fall of 2018, showing more than 100K infected SOHO routers. Novidade and other variants of the GhostDNS exploit kit have also been pretty active this year, and Avast has...