On 29 June 2015, ThreatPost reported that Magnitude included exploits for the recently patched zero-day vulnerability found in Adobe Flash Player and was delivering CryptoWall ransomware to Windows 7 computers running Internet Explorer 11. In 2015, the top victims of Magnitude included the United States, Iran, and Vietnam; however, the success rate varied greatly, from a high of 68% in Vietnam to only 9% in the US. According to Malwarebytes, in 2016 Magnitude EK was infecting victims with CryptoWall 4.0 ransomware by exploiting vulnerabilities in older versions of Adobe Flash Player. Magnitude EK spreads through malvertising in pop-under ads, which appear behind the main browser window and remain open until the user manually closes them.
In April, visitors to the Pirate Bay website were infected with Cerber ransomware distributed by the Magnitude EK. During April and May, Angler and Nuclear EK activity significantly decreased, leading to an increase in activity from Magnitude EK, along with Neutrino and RIG EKs.
- June 2016: Magnitude EK activity increases as Angler and Nuclear EKs decrease. (Softpedia)
- May 2016: Magnitude EK exploiting recently patched Adobe Flash Player vulnerability. (PointB+Beyond)
- October 2017: Magnitude Exploit Kit Now Targeting South Korea With Magniber Ransomware. (Trend Micro)
- April 2018: Magnitude EK is being leveraged to push out GandCrab ransomware. (Malwarebytes)