VERY IMPORTANT

MalwareBytes have been monitoring a malvertising campaign very closely as it really soared during the past week. The actors involved seem to be the same as the ones behind the self sufficient Flash malverts/exploits we’ve documented before and also reported by security researcher Kafeine (Spartan EK). One single domain (easy-trading.biz) is relaying all traffic to other ‘ad networks’ and ultimately to the Nuclear exploit kit. That domain still hosts the malicious Flash file (CVE-2015-7645) that it previously used in standalone attacks.