Trend Micro experts continue to analyze the PE_EXPIRO attacks

Jul 19, 2013 12:35 GMT

A few days ago, Trend Micro researchers reported spotting file infectors of the PE_EXPIRO family that had the ability to steal information. It turns out that the exploit kit used to distribute the threat is none other than Styx, the kit that, according to experts, is becoming more and more prevalent.

Styx is more popular among cybercriminals because it spreads the malicious script across multiple pages that are linked to each other through HTTP redirects. Styx also differs from other exploit kits in that it accesses data across iframes via JavaScript.

Interestingly, in this case, Styx exploits an old Adobe Reader and Adobe Acrobat vulnerability (CVE-2010-0188) to push malware.

“The use of an old vulnerability and the enhancement of the PE_EXPIRO malware is further proof that older, though more refined, threats are still present in today’s landscape,” Trend Micro experts explained.