<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=885880844953016&amp;ev=PageView&amp;noscript=1">

The King is Dead, Long live the King: Angler May Have Disappeared but Neutrino Quickly Fills In

Posted by Michael Gorelik on July 6, 2016
Find me on:

Angler Hangs Up Its Pole

Back in April, more than 80% of drive by download attacks were attributed to Angler. Now? Nearly zero. Speculation abounds regarding its disappearance earlier this month. A vacation by Angler operators? Black market price wars? But the close timing to the roundup in Russia of 50 criminals associated with the Lurk banking Trojan attacks seems the most likely culprit. In this case, Angler may be off the table for good. Unfortunately, Angler’s apparent demise didn’t slow down cyber criminals for long; they simply switched to Neutrino.

The Return of Neutrino

Neutrino has been around even longer than Angler, first reported in March 2013 by Kafeine on his Malware don't need Coffee blog. While it lacks some of the sophisticated detection evasion mechanisms of Angler, it’s still plenty destructive, especially as a delivery vector for ransomware. Like Angler and many other exploit kits, Neutrino is tied to organized crime groups that operate sophisticated infrastructures which include everything from malware development to command and control servers. This malware-as-a -service business model means new variants can be applied immediately. The latest reported Neutrino-based attack involved malicious JavaScript code on a popular anime site that redirected visitors to the Neutrino EK. The payload was the revamped CryptXXX ransomware.

Morphisec Against Neutrino

For Morphisec, the payload is irrelevant as Neutrino never even gets the chance to execute. In the below video, see what a Neutrino attack looks like (without Morphisec), which other security agents block it (spoiler alert – almost none), and how Morphisec quickly tackles the threat.


New Call-to-action


Subscribe to our blog

Stay in the loop with industry insight, cyber security trends, and cyber attack information and company updates.

New call-to-action

Search Our Site

    Recent Posts

    Posts by Tag

    See all