After the fall of the Nuclear and Angler exploit kits (EKs), overall activity generated from exploit kits has dropped toonly a fraction of what used to be. Cybercriminals, however, are attempting to take advantage of this gap with new threats, including the recently observed "Terror" exploit kit.
Unlike other toolkits, Terror stands out in the crowd because its author(s) appears to be doing everything on their own. The developer has been actively updating the threat over the past several weeks, and is using the EK to drop a cryptocurrency miner to the compromised machines, which is effective enough for a one-man operation, Trustwave security researchers say.
The new Terror EK was observed packing no less than eight 8 different operational exploits, including CVE-2014-6332 and CVE-2016-0189 for Internet Explorer, CVE-2015-5119 and CVE-2015-5122 for Adobe Flash, CVE-2013-1670/CVE-2013-1710, CVE-2014-1510/CVE-2014-1511, CVE-2014-8636, and CVE-2015-4495 for Firefox.