12 December 18, 13:50
Quote:Trend Micro's security researchers discovered multiple campaigns during September and October that wielded the Novidade exploit kit capable of changing Domain Name System (DNS) settings on home and SOHO routers with the help of cross-site request forgery (CSRF) attacks.
The attackers employ this the exploit kit to attack victims using both desktop and mobile devices, with the vast majority of malware campaigns that utilized it targeting banking credentials of Brazillian customers.
Novidade can exfiltrate banking info from its targets by changing vulnerable routers' DNS settings to those of maliciously configured servers controlled by its masters, allowing them to carry out pharming attacks on all devices connected to the compromised router.
As discovered by Trend Micro, the first Novidade samples were unearthed during August 2017, with two separate strains spotted in the wild until now while being used in multiple campaigns.
This leads to the conclusion that the exploit kit has either been sold or shared between multiple threat groups, or that its source code has been inadvertently leaked and modified by other groups to suit their needs and, subsequently, being added to their toolset.
Source: https://news.softpedia.com/news/new-novi...4230.shtml