Here’s yet another reason not to use Internet Explorer
The malware spreads via malicious online ads on legitimate websites
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Cybersecurityresearchers have identified a new variant of the WastedLocker malware that exploits two scripting engine vulnerabilities in unpatched Internet Explorerweb browsers.
The new malware builds on the RIG Exploit Kit campaign, and was first discovered byBitdefenderresearchers in February 2021.
Unlike the earlier campaign, this new malware is missing theransomwarecomponent. Since it merely acts as a loader, the researchers have named it WastedLoader.
We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.
Click here to start the survey in a new window«
According to the researcher’s analysis, thenew WastedLoader campaignmostly attacked targets in Europe and the Americas.
Ransomware on demand
In their analysis, the researchers note that the malware’s exploitation chain starts with a malicious ad that’s put up on legitimate websites.
Clicking the malicious ad redirects potential victims to the landing page of “RIG EK”, which then serves two exploits based on the two IE vulnerabilities. Both of them are individually capable of downloading and executing the malware.
The campaign builds on proof-of-concept exploits for the two VBScript vulnerabilities to download, decrypt, and execute the malware.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The researchers note that the authors even put up an icon and a brief fake description for the malware to make it look like a legitimate process.
The malware works in four stages. After gathering details about the system, it sends them to its command & control (C2) server.
The researchers posit that the malware downloads a ransomware in the fourth stage. However they’ve been unable to put this to test as the C2 server failed to respond to the malware’s calls during the researcher’s tests.
In any case, the simplest mitigation for this malware is to switch to another web browser.Microsoft Edgehas become the default web browser inWindows 10, for all intents and purposes, which only keeps IE around to maintain compatibility with older websites that still use legacyMicrosoftweb technologies.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
Don’t search for information on cats at work — you could be at risk of being hacked
This dangerous new malware is hitting Windows devices by hiding in games
Undermining your privacy? Session says no and leaves Australia
