Following the drop in activity surrounding exploit kits (EK), security researchers have picked up on the evolution of one threat they believe is gaining momentum.

Experts at Cisco Talos have followed the changes in the Terror exploit kit, which new enhancements include anti-detection features, and Javascript code that evaluates the victim’s browser environment, according to a blog post by Cisco Talos researchers Holger Unterbrink and Emmanuel Tacheau.

Following the demise of the Angler exploit kit, which was credited for the lion’s share of EK activity, new exploit kits surfaced whose quality didn’t match its predecessor’s, according  to reports  by Threat Post. The Terror EK, however, has managed to catch the attention of experts due to its “fast evolution up to the latest version.”

“We identified a potentially compromised legitimate website acting as a malware gate, redirecting visitors initially to a RIG exploit kit landing page, then switching to Terror exploit kit one day later,” Unterbrink and Tacheau wrote. “This may indicate how these campaigns collaborate and share resources, or possibly one campaign pirating another.”