Security researchers have spotted the Spelevo exploit kit infecting victims with Maze Ransomware payloads in a new malicious campaign that exploits a Flash Player use-after-free vulnerability.

Maze Ransomware, a variant of Chacha Ransomware, was initially found by Malwarebytes security researcher Jérôme Segura in May.

The researcher found that the ransomware was being distributed using the Fallout exploit kit via a fake site camouflaged as a legitimate cryptocurrency exchange app.

Segura told BleepingComputer that the attackers created a fake Abra cryptocurrency site to buy ad network traffic, which was later used to redirect visitors to the exploit kit landing page under certain conditions.