Researchers at Trend Micro found that the blog of the UK newspaper The Independent was hacked, and the blog redirects to pages containing the Angler Exploit Kit.
According to a blog posted by Trend Micro fraud researcher Joseph C. Chen, the malware was silently injected into the system of readers who visited The Independent's blog since at least 21 November. Readers using systems that did not contain an updated Adobe Flash Player loaded the malware, Chen wrote.
The malware targets the CVE-2015-7645 vulnerability, a critical vulnerability in Flash Player that Adobe patched in October. On Monday, researchers at Malwarebytes discovered a malvertising attack on DailyMotion using the WWWPromoter network that targeted the same vulnerability.
In November 2014, The Independent, along with several other publications, was hacked by the Syrian Electronic Army, using the Gigya platform, a third-party marketing service owned by GoDaddy.