Here's yet another reason not to use Internet Explorer
The malware spreads via malicious online ads on legitimate websites
Cybersecurity researchers have identified a new variant of the WastedLocker malware that exploits two scripting engine vulnerabilities in unpatched Internet Explorer web browsers.
The new malware builds on the RIG Exploit Kit campaign, and was first discovered by Bitdefender researchers in February 2021.
Unlike the earlier campaign, this new malware is missing the ransomware component. Since it merely acts as a loader, the researchers have named it WastedLoader.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
- These are the best endpoint protection tools
- Here's our choice of the best malware removal software on the market
- Check our list of the best firewall apps and services
According to the researcher's analysis, the new WastedLoader campaign mostly attacked targets in Europe and the Americas.
Ransomware on demand
In their analysis, the researchers note that the malware’s exploitation chain starts with a malicious ad that’s put up on legitimate websites.
Clicking the malicious ad redirects potential victims to the landing page of “RIG EK”, which then serves two exploits based on the two IE vulnerabilities. Both of them are individually capable of downloading and executing the malware.
The campaign builds on proof-of-concept exploits for the two VBScript vulnerabilities to download, decrypt, and execute the malware.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The researchers note that the authors even put up an icon and a brief fake description for the malware to make it look like a legitimate process.
The malware works in four stages. After gathering details about the system, it sends them to its command & control (C2) server.
The researchers posit that the malware downloads a ransomware in the fourth stage. However they’ve been unable to put this to test as the C2 server failed to respond to the malware’s calls during the researcher’s tests.
In any case, the simplest mitigation for this malware is to switch to another web browser. Microsoft Edge has become the default web browser in Windows 10, for all intents and purposes, which only keeps IE around to maintain compatibility with older websites that still use legacy Microsoft web technologies.
- Protect your devices with these best antivirus software
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.