New WastedLoader Campaign Delivered Through RIG Exploit Kit

In February 2021, Bitdefender researchers have identified a new RIG Exploit Kit campaign exploiting two scripting engine vulnerabilities in unpatched Internet Explorer browsers (CVE-2019-0752 and CVE-2018-8174).
The delivered malware looks like a new variant of WastedLocker, but this new sample is missing the ransomware part, which is probably downloaded from the C&C servers. Because it works like a loader for the downloaded payload, we named it WastedLoader.
Key findings:
- WastedLoader campaign discovered in February 2021 and is still active.
- The campaign targets unpatched IE Explorer browsers using known VBScript vulnerabilities.
- Users get infected by visiting a legit website, with no extra interaction required
- Bitdefender researchers rebuilt the kill-chain and gathered all the tools used in this attack.
Recommendations
Bitdefender is urging organizations to ensure that browser, operating system, and third party software are up to date. Endpoint Protection and Endpoint Detection and Response solutions can help organizations minimize the impact of this threat.
A full analysis of the campaign is available in the whitepaper below:
tags
Author
Right now
Top posts
Vulnerabilities Identified in Wyze Cam IoT Device
March 29, 2022
New FluBot and TeaBot Global Malware Campaigns Discovered
January 26, 2022
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately
December 10, 2021
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand
November 08, 2021
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware
September 16, 2021
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
July 21, 2021