// THREAT DETECTION AND DATA PRIVACY TERM

Exploit Kit

An exploit kit is a software toolkit that automates the process of finding and attacking vulnerabilities in a user's web browser and its plugins. Cybercriminals use these kits, often hosted on compromised websites, to silently install malware onto a visitor's computer.

TECHNICAL DEFINITION

An Exploit Kit (EK) is a pre-packaged, automated software framework used by cyber threat actors to exploit vulnerabilities in web browsers and associated plugins (e.g., Adobe Flash, Java). Deployed on malicious landing pages or compromised websites, the EK profiles a victim's system, identifies a suitable vulnerability, and delivers a corresponding exploit payload, often resulting in a drive-by-download malware infection like ransomware or a banking Trojan.

BACKGROUND

Coruna is a sophisticated iOS exploit kit publicly disclosed on March 3, 2026. The kit, internally named "Coruna" by its developers, contains five complete exploit chains and 23 individual exploits targeting Apple iPhone models running iOS versions 13.0 through 17.2.1. It is the first documented case of a nation-state-grade iOS exploit framework proliferating from a commercial surveillance vendor into the hands of financially motivated cybercriminals.

READ MORE ON WIKIPEDIA

SYNONYMS & ALIASES

  • EK
  • exploit pack
  • attack kit
  • crimeware kit
  • web exploit kit
  • drive-by-download kit

USAGE NOTE

Exploit kits are often sold as a 'crime-as-a-service' offering, enabling less-skilled attackers to launch sophisticated campaigns.

DEVELOPERS

Organizations developing technology related to Exploit Kit.

  • Palo Alto Networks

    Develops cybersecurity platforms, including next-generation firewalls and the Cortex XDR solution, which use threat intelligence and behavioral analysis to detect and block the web-based traffic and malicious payloads characteristic of exploit kits.

  • CrowdStrike

    Provides the Falcon endpoint protection platform, which uses artificial intelligence and threat intelligence to identify and prevent exploit kit attacks by blocking the exploitation of vulnerabilities and the subsequent malware execution.

  • Mandiant (Google Cloud)

    A leading threat intelligence and incident response firm that investigates breaches involving exploit kits. They develop and provide threat intelligence feeds and security validation platforms that help organizations detect and defend against exploit kit campaigns.

  • Kaspersky

    A global cybersecurity company with a renowned research team that frequently discovers and analyzes new exploit kits. Their endpoint and network security products incorporate specific technologies to defend against drive-by downloads and browser exploitation.

  • Malwarebytes

    Specializes in security software that actively blocks access to malicious websites and infrastructure used by exploit kits. Their technology focuses on preventing the initial compromise by blocking the exploit delivery at the browser level.

  • Trend Micro

    Offers a suite of security products that provide multi-layered protection against exploit kits. Their technology includes web reputation services to block malicious URLs and virtual patching to shield unpatched vulnerabilities from being targeted.

  • Rapid7

    Develops the Metasploit Framework, a widely used open-source penetration testing tool. While used for legitimate security research and testing, it is a powerful exploitation framework that demonstrates the same principles used in malicious exploit kits.

  • The MITRE Corporation

    A non-profit organization that develops the ATT&CK Framework, a globally-accessible knowledge base of adversary tactics. This framework is a critical technology used by defenders to model, detect, and counter the techniques employed by exploit kits.

RELATED TERMS IN THREATS & ATTACKS