The notorious BlackHole exploit kit has been around for quite some time now, with new iterations being released periodically. While it can be considered one of the most efficient cybercriminal tools, BlackHole doesn’t like it when its victims utilize Google’s Chrome web browser.
According to experts from Blue Coat, when potential victims are tricked into clicking on links that point to BlackHole-infested websites, they’re presented with a “loading” or a “please wait” message, while in the background they are redirected to the exploit pages that infect their computers with a piece of malware.
However, this only happens if the victim uses browsers such as Internet Explorer or Firefox.
During the attack, when users are redirected to the exploit pages, a script checks the user agent to identify which browser is utilized.
If Chrome is detected, the victims are not redirected to the BlackHole page. Instead, they’re taken to another malicious webpage where they’re urged to install a rogue Chrome update.
This happens because BlackHole uses vulnerabilities in popular applications – such as Adobe Reader, Java and the browser itself – to push malware onto the victim’s device. However, since Chrome renders PDF files by using its built-in reader, and it asks users for permission before running a Java applet, BlackHole cannot succeed in its malicious task.
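The browser-dependent redirect described above leaves a trace defenders can look for in web proxy logs: the same landing page sends Chrome clients to a different destination than Internet Explorer or Firefox clients. The following Python is an added example, not part of the original article or Blue Coat's analysis; the log layout (tab-separated landing URL, redirect target, User-Agent) and all hostnames are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (assumed layout): landing URL \t redirect target \t User-Agent
SAMPLE_LOG = """\
http://landing.example/wait.html\thttp://kit.example/main.php\tMozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
http://landing.example/wait.html\thttp://kit.example/main.php\tMozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0
http://landing.example/wait.html\thttp://update.example/chrome-update.html\tMozilla/5.0 (Windows NT 6.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11
http://news.example/story\thttp://news.example/story?page=2\tMozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0
http://news.example/story\thttp://news.example/story?page=2\tMozilla/5.0 (Windows NT 6.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11
"""

def browser_family(user_agent):
    """Coarse browser family. Chrome is tested first because its UA also contains 'Safari'."""
    ua = user_agent.lower()
    if "chrome/" in ua:
        return "chrome"
    if "firefox/" in ua:
        return "firefox"
    if "msie " in ua or "trident/" in ua:
        return "ie"
    return "other"

def parse(log_text):
    """Yield (landing, target, family) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) == 3:
            yield parts[0], parts[1], browser_family(parts[2])

def find_ua_split_redirects(log_text):
    """Return landing pages that sent Chrome clients to targets no other browser received."""
    targets = defaultdict(lambda: defaultdict(set))
    for landing, target, family in parse(log_text):
        targets[landing][family].add(target)
    flagged = {}
    for landing, by_family in targets.items():
        chrome = by_family.get("chrome", set())
        others = set().union(*(t for f, t in by_family.items() if f != "chrome"))
        # Flag only when both groups were observed and their destinations never overlap.
        if chrome and others and chrome.isdisjoint(others):
            flagged[landing] = {f: sorted(t) for f, t in by_family.items()}
    return flagged

if __name__ == "__main__":
    for landing, split in find_ua_split_redirects(SAMPLE_LOG).items():
        print(landing, split)
```

A flagged landing page is a lead for review rather than a verdict, since legitimate sites also serve browser-specific pages.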