Cybercriminals Abuse GitHub and SourceForge to Distribute Ransomware

The Stamp EK exploit kit is used to push the malware onto computers

  Ransomware served via Stamp EK exploit kit
Cybercriminals have flooded GitHub and SourceForge with malicious links in an effort to distribute pieces of ransomware with the aid of the Stamp EK exploit kit.

GFI Labs experts reveal that the links appear to point to adult pictures of celebrities. Users who click on them are taken to a fake YouTube page or to a website hosting explicit pictures.

These websites host the Stamp EK exploit kit, which pushes a piece of ransomware onto the victims’ computers.

The pieces of ransomware observed by researchers are variants of Weelsof or Reveton. Once they infect a device, the malicious elements lock the screen, accuse the victim of accessing illegal content, and demand the payment of a $300 (225 EUR) fine.

The webpages that host the exploit kit are being taken down. GitHub and SourceForge are also in the process of cleaning up the spam links.

In the meantime, users are advised to avoid clicking on any shady links on GitHub or SourceForge. Also, if your computer is infected with ransomware, don’t pay up. Instead, use a removal tool or a rescue disk to get rid of it.
