Anti-Malware Research Whitepapers
1 min read

New WastedLoader Campaign Delivered Through RIG Exploit Kit

Mihai NEAGUStefan Octavian TRIFESCUGeorge MIHALIAron RADU

May 18, 2021

New WastedLoader Campaign Delivered Through RIG Exploit Kit

In February 2021, Bitdefender researchers have identified a new RIG Exploit Kit campaign exploiting two scripting engine vulnerabilities in unpatched Internet Explorer browsers (CVE-2019-0752 and CVE-2018-8174).

The delivered malware looks like a new variant of WastedLocker, but this new sample is missing the ransomware part, which is probably downloaded from the C&C servers. Because it works like a loader for the downloaded payload, we named it WastedLoader.

Key findings:

  • WastedLoader campaign discovered in February 2021 and is still active.
  • The campaign targets unpatched IE Explorer browsers using known VBScript vulnerabilities.
  • Users get infected by visiting a legit website, with no extra interaction required
  • Bitdefender researchers rebuilt the kill-chain and gathered all the tools used in this attack.

Recommendations

Bitdefender is urging organizations to ensure that browser, operating system, and third party software are up to date. Endpoint Protection and Endpoint Detection and Response solutions can help organizations minimize the impact of this threat.

A full analysis of the campaign is available in the whitepaper below:

Download the whitepaper

tags

Anti-Malware Research Whitepapers

Author

Mihai NEAGU

Mihai NEAGU

Passionate about reverse engineering, Mihai worked on malware analysis and detection techniques in the past. Now he is doing research on exploit detection and mitigation for Windows applications.

View all posts
Stefan Octavian TRIFESCU

Stefan Octavian TRIFESCU

As a Security Researcher in Bitdefender's anti-exploit team, I am passionate about binary exploitation, reverse engineering, and programming.

View all posts
George MIHALI

George MIHALI

I am a security researcher in the GEMMA team, passionate about reverse engineering and malware analysis. In the spare time, I participate in CTF contests. I am also passionate about forensics.

View all posts
Aron RADU

Aron RADU

Aron is a security researcher in the GEMMA team. Passionate about cybersecurity in general, he is mostly interested in binary exploitation. He also enjoys playing CTFs in the spare time.

View all posts

Right now

Top posts

A Note from the Bitdefender Labs Team on Ransomware and Decryptors
Miscellaneous

A Note from the Bitdefender Labs Team on Ransomware and Decryptors

May 26, 2021

2 min read
New Nebulae Backdoor Linked with the NAIKON Group
Anti-Malware Research Whitepapers

New Nebulae Backdoor Linked with the NAIKON Group

April 28, 2021

1 min read
Good riddance, GandCrab! We’re still fixing the mess you left behind.
Anti-Malware Research Free Tools

Good riddance, GandCrab! We’re still fixing the mess you left behind.

June 17, 2019

5 min read

FOLLOW US ON

SOCIAL MEDIA

You might also like

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
Anti-Malware Research
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
Bogdan BOTEZATUVictor VRABIE

July 21, 2021

9 min read
Debugging MosaicLoader, One Step at a Time
Anti-Malware Research
Debugging MosaicLoader, One Step at a Time
Janos Gergo SZELESBogdan BOTEZATU

July 20, 2021

1 min read
Trickbot Activity Increases; new VNC Module On the Radar
Anti-Malware Research
Trickbot Activity Increases; new VNC Module On the Radar
Bogdan BOTEZATURadu TUDORICA

July 12, 2021

1 min read