34 matches found
Internet Explorer users still targeted by RIG exploit kit
Despite a very slim browser market share, Internet Explorer IE is still being exploited by exploit kits like the RIG exploit kit EK. One major advantage for the malware distributors behind the exploit kit is that the outdated browser has reached end-of-life EOL, which means it no longer receives...
Researchers Share New Insights Into RIG Exploit Kit Malware's Operations
The RIG exploit kit EK touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News...
Researchers Share New Insights Into RIG Exploit Kit Malware's Operations
The RIG exploit kit EK touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News...
RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer
The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily...
MakeMoney malvertising campaign adds fake update template
Malware authors and distributors are following the ebbs and flow of the threat landscape. One campaign we have tracked for a numbers of years recently introduced a new scheme to possibly completely move away from drive-by downloads via exploit kit. In this quick blog post, we will look at this ne...
New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer
A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan. "When executed, RedLine Stealer performs recon against the target system including username, hardware, browsers installed, anti-virus...
This Week in Security News: Hijacks and Healthcare
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Singapore looks into the effectiveness of virtual browsers in an attempt to reduce cyberattacks on healthcare systems. Also, cybercriminals...
Kronos Banking Trojan Surfaces After Years of Silence
The Kronos banking trojan is back from the malware dustbin. After years of lying dormant, hackers have reworked the underlying code and are actively targeting victims in Germany, Japan and Poland. The latest variant has incorporated a new command-and-control feature designed to work with the Tor...
RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique
Introduction Through FireEye Dynamic Threat Intelligence DTI, we observed RIG Exploit Kit EK delivering a dropper that leverages the PROPagate injection technique to inject code that downloads and executes a Monero miner similar activity has been reported by Trend Micro. Apart from leveraging a...
RIG Exploit Kit URL
RIG exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...
RIG malvertising campaign uses cryptocurrency theme as decoy
For a couple of weeks, we have been observing a malvertising campaign that uses decoy websites to redirect users to the RIG exploit kit. Those sites, whose theme is about cryptocurrencies, were all registered recently and are swapped after a few days of use. The initial redirection starts off fro...
GandCrab ransomware distributed by RIG and GrandSoft exploit kits (updated)
This post was authored by Vasilios Hioueras and Jérôme Segura Update 2018-02-02: GandCrab is delivered via Necurs malicious spam 1. Update 2018-02-01: GandCrab is now also spread via the EITest campaign 2 3. - - Late last week saw the appearance of a new ransomware called GandCrab. Surprisingly, ...
A coin miner with a “Heaven’s Gate”
You might call the last two years the years of ransomware. Ransomware was, without a doubt, the most popular type of malware. But at the end of last year, we started observing that ransomware was losing its popularity to coin miners. It is very much possible that this trend will grow as 2018...
A week in security (January 8 – January 14)
It's very early in the year, yet everyone has already had a complete meltdown pun intended over a number of serious vulnerabilities found in legacy and modern microprocessors. Last week, rightly so, vendors released patches for hardware and OSes to help mitigate these threats. However, problems i...
RIG exploit kit campaign gets deep into crypto craze
There isn't a day that goes by without a headline about yet another massive spike in Bitcoin valuation, or a story about someone mortgaging their house to purchase the hardware required to become a serious cryptocurrency miner. If many folks are thinking about joining the 'crypto craze' movement,...
A week in security (August 28 – September 3)
Last week, we looked at what actions Kronos can perform in the final installment of a 2-part post. We also dived into Locky, again, a ransomware that just made a comeback, and found that its latest variant as of this writing has anti-sandboxing capabilities. This means that once Locky has...
RIG exploit kit distributes Princess ransomware
We have identified a new drive-by download campaign that distributes the Princess ransomware AKA PrincessLocker, leveraging compromised websites and the RIG exploit kit. This is somewhat of a change for those tracking malvertising campaigns and their payloads. We had analyzed the PrincessLocker...
40,000 Subdomains Tied to RIG Exploit Kit Shut Down
Tens of thousands of illegally established subdomains used by criminals involved with the RIG Exploit Kit were recently taken down after an investigation revealed that hackers were phishing domain account credentials to set up these subdomains. Most of the subdomains used GoDaddy as the primary...
RIG Exploit Kit Landing Page URL
RIG exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...
CryptoShield Infections from RIG EK Picking Up
The RIG Exploit Kit remains fairly active despite an overall decline in such activity, and of late, it’s been spreading a fairly new variant of ransomware called CryptoShield. The main culprit is an attack group known for using EITest to deliver malware; it has been infecting victims’ machines vi...