For HomeFor BusinessFor Partners
Anti-Malware Research Whitepapers
1 min read

New WastedLoader Campaign Delivered Through RIG Exploit Kit

Mihai NEAGUStefan Octavian TRIFESCUGeorge MIHALIAron RADU

May 18, 2021

Promo Protect all your devices, without slowing them down.
Free 30-day trial
New WastedLoader Campaign Delivered Through RIG Exploit Kit

In February 2021, Bitdefender researchers have identified a new RIG Exploit Kit campaign exploiting two scripting engine vulnerabilities in unpatched Internet Explorer browsers (CVE-2019-0752 and CVE-2018-8174).

The delivered malware looks like a new variant of WastedLocker, but this new sample is missing the ransomware part, which is probably downloaded from the C&C servers. Because it works like a loader for the downloaded payload, we named it WastedLoader.

Key findings:

  • WastedLoader campaign discovered in February 2021 and is still active.
  • The campaign targets unpatched IE Explorer browsers using known VBScript vulnerabilities.
  • Users get infected by visiting a legit website, with no extra interaction required
  • Bitdefender researchers rebuilt the kill-chain and gathered all the tools used in this attack.

Recommendations

Bitdefender is urging organizations to ensure that browser, operating system, and third party software are up to date. Endpoint Protection and Endpoint Detection and Response solutions can help organizations minimize the impact of this threat.

A full analysis of the campaign is available in the whitepaper below:

Download the whitepaper

tags

Anti-Malware Research Whitepapers

Author

Mihai NEAGU

Mihai NEAGU

Passionate about reverse engineering, Mihai worked on malware analysis and detection techniques in the past. Now he is doing research on exploit detection and mitigation for Windows applications.

View all posts
Stefan Octavian TRIFESCU

Stefan Octavian TRIFESCU

As a Security Researcher in Bitdefender's anti-exploit team, I am passionate about binary exploitation, reverse engineering, and programming.

View all posts
George MIHALI

George MIHALI

I am a security researcher in the GEMMA team, passionate about reverse engineering and malware analysis. In the spare time, I participate in CTF contests. I am also passionate about forensics.

View all posts
Aron RADU

Aron RADU

Aron is a security researcher in the GEMMA team. Passionate about cybersecurity in general, he is mostly interested in binary exploitation. He also enjoys playing CTFs in the spare time.

View all posts

Right now Top posts

Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware
Anti-Malware Research

Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware

June 08, 2023

5 min read
Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series
IoT Research Whitepapers

Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series

May 02, 2023

2 min read
EyeSpy - Iranian Spyware Delivered in VPN Installers
Anti-Malware Research Whitepapers

EyeSpy - Iranian Spyware Delivered in VPN Installers

January 11, 2023

2 min read
Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor
Anti-Malware Research Free Tools

Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor

January 05, 2023

1 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Inside Bitdefender Labs’ Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Anti-Malware Research

Inside Bitdefender Labs’ Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Andrei ANTON-AANEIAlina BÎZGĂ

November 18, 2024

6 min read
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
Anti-Malware Research

Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
Unfading Sea Haze: New Espionage Campaign in the South China Sea
Anti-Malware Research Whitepapers

Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender

May 22, 2024

2 min read

Bookmarks

loader