Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

New private Exploit-Kit “Infinity” available on the underground

Security Experts at Intercrawler have discovered in the underground a new Exploit-Kit dubbed “Infinity” which might be a new replacement of “Blackhole” Security expert at IntelCrawler, a cyber threat intelligence firm based in Los Angeles, discovered a new private exploit-kit called “Infinity” in the underground. It isn’t a distribution on a large-scale, authors reserved it […]

New private Exploit-Kit “Infinity” available on the underground

Security Experts at Intercrawler have discovered in the underground a new Exploit-Kit dubbed “Infinity” which might be a new replacement of “Blackhole”

Security expert at IntelCrawler, a cyber threat intelligence firm based in Los Angeles, discovered a new private exploit-kit called “Infinity” in the underground. It isn’t a distribution on a large-scale, authors reserved it to a limited underground customer base due to security concerns.

We explained the effect on the underground of the arrest of the author of “Blackhole” exploit-kit, Paunch, a growing number of malware authors started the sale of new malicious code.

In the image below shows the advertisement of new private exploit-kit Infinity (“Load on Infinity”).

exploit kit infinity

According investigation done by InterCrawler, the author of the exploit-kit Infinity appears to be a person with nickname “iny” / “pickness”, which credited as reliable on several private underground forums.

At the beginning of 2013 it seems the author “iny” has  created a post where he invites various cybercriminals to join the new exploit-kit project. He also mentioned that he is buying new types of vulnerabilities for famous client-side software. This collaborative strategy was also used by “Paunch” to maximize his exploit-kit with new vulnerabilities to increase the infection rate.” reports the InterCrawler official post.

The exploit is provided with model of sale know as malware-as-a-service, the first advertisements about the new exploit-kit Infinity offer it with the cost starting at 100 USD per day, the subscription includes also updates and technical support. The Exploit-Kit Infinity exploits vulnerabilities for IE11/10, Opera and Firefox.

exploit kit infinity 2

exploit kit infinity 3

IntelCrawler  threat intelligence team has already shared with the security community the appearance of the new exploit-kit Infinity in the underground.

“According to IntelCrawler, the Exploit-Kit Infinity might be a new replacement of “Blackhole”, which was actively used for infections of banking customers.”

Pierluigi Paganini

(Security Affairs –  Exploit-kit Infinity, malware)