Security News > 2023 > February > Researchers Share New Insights Into RIG Exploit Kit Malware's Operations
The RIG exploit kit touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal.
Exploit kits are programs used to distribute malware to large numbers of victims by taking advantage of known security flaws in commonly-used software such as web browsers.
As a result, visitors using a vulnerable version of a browser to access an actor-controlled web page or a compromised-but-legitimate website are redirected using malicious JavaScript code to a proxy server, which, in turn, communicates with an exploit server to deliver the appropriate browser exploit.
The exploit server, for its part, detects the user's browser by parsing the User-Agent string and returns the exploit that "Matches the pre-defined vulnerable browser versions."
"The artful design of the Exploit Kit allows it to infect devices with little to no interaction from the end user," the researchers said.
"Overall, RIG EK runs a very fruitful business of exploit-as-a-service, with victims across the globe, a highly effective exploit arsenal and numerous customers with constantly updating malware," the researchers said.
News URL
https://thehackernews.com/2023/02/researchers-share-new-insights-into-rig.html
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims (source)
- Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
- Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections (source)
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Researchers discover first UEFI bootkit malware for Linux (source)
- Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware (source)
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)