Anti-Malware Research Whitepapers

New WastedLoader Campaign Delivered Through RIG Exploit Kit

In February 2021, Bitdefender researchers have identified a new RIG Exploit Kit campaign exploiting two scripting engine vulnerabilities in unpatched Internet Explorer browsers (CVE-2019-0752 and CVE-2018-8174).

The delivered malware looks like a new variant of WastedLocker, but this new sample is missing the ransomware part, which is probably downloaded from the C&C servers. Because it works like a loader for the downloaded payload, we named it WastedLoader.

Key findings:

  • WastedLoader campaign discovered in February 2021 and is still active.
  • The campaign targets unpatched IE Explorer browsers using known VBScript vulnerabilities.
  • Users get infected by visiting a legit website, with no extra interaction required
  • Bitdefender researchers rebuilt the kill-chain and gathered all the tools used in this attack.

Recommendations

Bitdefender is urging organizations to ensure that browser, operating system, and third party software are up to date. Endpoint Protection and Endpoint Detection and Response solutions can help organizations minimize the impact of this threat.

A full analysis of the campaign is available in the whitepaper below:

Download the whitepaper

About the author

Mihai Neagu

Passionate about reverse engineering, Mihai worked on malware analysis and detection techniques in the past. Now he is doing research on exploit detection and mitigation for Windows applications.

About the author

Stefan Octavian TRIFESCU

As a Security Researcher in the Bitdefender's antiexploit team I am passionated about binary exploitation, reverse engineering and programming. In my spear time I use to participate on CTF competitions being especially attracted by the PWN(binary exploitation) challenges. I enjoy analyzing and understanding how exploits work in order to be able to detect them and sometimes develop my own ones.

About the author

George MIHALI

I am a security researcher at GEMMA team (Generic Exploit Mitigations for Mainstream Applications), passionate about reverse engineering and malware analysis. In the spare time, I participate in Capture the Flag contests. I am also passionate about forensics.

About the author

Aron RADU

Aron is a security researcher in the Generic Exploit Mitigations for Mainstream Applications (GEMMA) team. Passionate about cybersecurity in general, he is most interested in binary exploitation because he thinks it is like magic. He also enjoys playing CTFs in the spare time.

Add Comment

Click here to post a comment