During Kaspersky Lab's analysis, the exploit code was fully functional.
It did not deliver any payload, although this may change in the near future, according to Kaspersky research. Since July 23, the mobile component of the campaign has been disrupted: the command and control server started sending 'Uninstall' commands to mobile victims, effectively deleting the malicious application. The rest of the malicious components for PC users -- including the exploit kit -- are still active.
The malware was first described by a security researcher named Kaffeine. Kaspersky Lab has shared its findings with both Europol and Interpol, and is currently cooperating with law enforcement agencies to explore possibilities for shutting down the infrastructure.