RIG Exploit Kit drops RedLine malware via Internet Explorer bug
2022-04-27 13:35

Threat analysts have uncovered yet another campaign that uses the RIG Exploit Kit to deliver the RedLine stealer malware.

The threat actors use the exploit to compromise the machine and deploy RedLine, a cheap but powerful info-stealing malware widely circulated on Russian-speaking forums.

Today, RIG Exploit has lost its prestigious status, but some threat actors still find it useful for delivering malware, as was the case last year, when it dropped WastedLoader malware.

The recent campaign was discovered by researchers at Bitdefender, who found that RIG EK incorporates CVE-2021-26411 to initiate an infection process that smuggles a copy of RedLine stealer on the target in packed form.

RedLine has been previously distributed via fake Valorant cheats on YouTube, fake Omicron stat counter apps, fake Windows 11 upgrades, and malicious Microsoft Excel XLL add-ins.

While these methods require user action and target a wider audience, the addition of the RIG Exploit Kit automates the infection process but limits the victim set to those that still run a vulnerable version of Internet Explorer.


News URL

https://www.bleepingcomputer.com/news/security/rig-exploit-kit-drops-redline-malware-via-internet-explorer-bug/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-03-11 | CVE-2021-26411 | Use After Free vulnerability in Microsoft Edge and Internet Explorer (Internet Explorer Memory Corruption Vulnerability); network, low complexity, microsoft, CWE-416 | 8.8