A Java-focused exploit kit has been uncovered hitting the platform mere hours after Oracle and Apple released a patch update to fix two zero-day vulnerabilities.
Webroot reported on Tuesday that it had detected a new exploit kit, which it believes stems from a minor cyber criminal group and is being sold for as little as $40 per day.
"Yesterday, a relatively unknown group of cybercriminals publicly announced the availability of a new web malware exploitation kit," wrote Webroot's Dancho Danchev.
"What's so special about it is the fact that its current version is entirely based on Java exploits."
According to Webroot, access to the exploit kit is being offered on a rental basis - exploit kit-as-a-service - hosted on servers owned by the criminals, which they claim to have tightly secured. It is being offered at $40 for 24 hours' use, $150 for a week and $450 for a month.
Webroot said the budget nature of the kit combined with the high levels of publicity around the Java platform's security issues has hampered the kit's success rate.
"Would this newly released exploit kit cause any widespread damage internationally? We doubt so, due to the fact that some of the most recent Java vulnerabilities received massive media coverage, prompting enterprises and end users to permanently disable it," wrote Danchev.
"The overall infection rate for the campaign was 9.5 percent, a pretty low one taking into consideration the fact that competing web malware exploitation kits tend to exploit a much more diversified set of client-side vulnerabilities, consequently, achieving higher exploitation rates."
Danchev said the majority of the infected machines are US-based systems running Windows NT 6.1 and Windows XP, with a small number also being detected on Mac OS X hosts.
The news comes during a pandemic of Java-based exploits. Oracle and Apple were forced to release out-of-cycle security patches following the discovery of two Java zero-day vulnerabilities late on Monday.
Prior to the exploit kit's discovery, security firm F-Secure warned in its 2012 H2 Threat Report in February that Java has become cyber criminals' current victim of choice.