Trend Micro experts say the toolkit is only in "test-release" mode

Feb 7, 2013 10:06 GMT

Trend Micro researchers say that cybercriminals are testing out a new toolkit. It has been dubbed Whitehole and it’s designed to exploit five vulnerabilities, including CVE-2013-0422, the flaw leveraged by both Cool and BlackHole to distribute ransomware.

Detected by Trend Micro as JAVA_EXPLOYT.NTW, the Whitehole exploit kit downloads ransomware and a variant of the notorious ZeroAccess malware, a threat capable of terminating certain processes and downloading additional malicious files.

Whitehole is currently sold for prices ranging between $200 (150 EUR) and $1,800 (1,350 EUR), but it’s still in “test-release” mode.

Its capabilities include evading anti-malware solutions, preventing Google Safe Browsing from blocking it, and downloading 20 files all at once.

“Given Whitehole’s current state, we may be seeing more noteworthy changes to the exploit kit these coming months,” John Paul Chua, a threat response engineer at Trend Micro, explained.