Security News > 2022 > April > RIG Exploit Kit drops RedLine malware via Internet Explorer bug
Threat analysts have uncovered yet a new campaign that uses the RIG Exploit Kit to deliver the RedLine stealer malware.
The threat actors use the exploit to compromise the machine and deploy RedLine, a cheap but powerful info-stealing malware widely circulated on Russian-speaking forums.
Today, RIG Exploit has lost its prestigious status but some threat actors still find it useful to deliver malware, as was the case last year, when it dropped WastedLoader malware.
The recent campaign was discovered by researchers at Bitdefender, who found that RIG EK incorporates CVE-2021-26411 to initiate an infection process that smuggles a copy of RedLine stealer on the target in packed form.
Redline has been previously distributed via fake Valorant cheats on YouTube, fake Omicron stat counter apps, fake Windows 11 upgrades, and malicious Microsoft Excel XLL add-ins.
While these methods require user action and target a wider audience, the addition of the RIG Exploit Kit automates the infection process but limits the victim set to those that still run a vulnerable version of Internet Explorer.
News URL
Related news
- Malicious ads exploited Internet Explorer zero day to drop malware (source)
- New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- macOS HM Surf vuln might already be under exploit by major malware family (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-11 | CVE-2021-26411 | Use After Free vulnerability in Microsoft Edge and Internet Explorer Internet Explorer Memory Corruption Vulnerability | 8.8 |