Security News > 2022 > April > RIG Exploit Kit drops RedLine malware via Internet Explorer bug
Threat analysts have uncovered yet a new campaign that uses the RIG Exploit Kit to deliver the RedLine stealer malware.
The threat actors use the exploit to compromise the machine and deploy RedLine, a cheap but powerful info-stealing malware widely circulated on Russian-speaking forums.
Today, RIG Exploit has lost its prestigious status but some threat actors still find it useful to deliver malware, as was the case last year, when it dropped WastedLoader malware.
The recent campaign was discovered by researchers at Bitdefender, who found that RIG EK incorporates CVE-2021-26411 to initiate an infection process that smuggles a copy of RedLine stealer on the target in packed form.
Redline has been previously distributed via fake Valorant cheats on YouTube, fake Omicron stat counter apps, fake Windows 11 upgrades, and malicious Microsoft Excel XLL add-ins.
While these methods require user action and target a wider audience, the addition of the RIG Exploit Kit automates the infection process but limits the victim set to those that still run a vulnerable version of Internet Explorer.
News URL
Related news
- Malicious ads exploited Internet Explorer zero day to drop malware (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- macOS HM Surf vuln might already be under exploit by major malware family (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims (source)
- Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-11 | CVE-2021-26411 | Use After Free vulnerability in Microsoft Edge and Internet Explorer Internet Explorer Memory Corruption Vulnerability | 8.8 |