Cybersecurity (opens in new tab) researchers have identified a new variant of the WastedLocker malware that exploits two scripting engine vulnerabilities in unpatched Internet Explorer web browsers (opens in new tab).
The new malware builds on the RIG Exploit Kit campaign, and was first discovered by Bitdefender (opens in new tab) researchers in February 2021.
Unlike the earlier campaign, this new malware is missing the ransomware (opens in new tab) component. Since it merely acts as a loader, the researchers have named it WastedLoader.
- These are the best endpoint protection tools (opens in new tab)
- Here's our choice of the best malware removal (opens in new tab) software on the market
- Check our list of the best firewall apps and services (opens in new tab)
According to the researcher's analysis, the new WastedLoader campaign (opens in new tab) mostly attacked targets in Europe and the Americas.
Ransomware on demand
In their analysis, the researchers note that the malware’s exploitation chain starts with a malicious ad that’s put up on legitimate websites.
Clicking the malicious ad redirects potential victims to the landing page of “RIG EK”, which then serves two exploits based on the two IE vulnerabilities. Both of them are individually capable of downloading and executing the malware.
The campaign builds on proof-of-concept exploits for the two VBScript vulnerabilities to download, decrypt, and execute the malware.
The researchers note that the authors even put up an icon and a brief fake description for the malware to make it look like a legitimate process.
The malware works in four stages. After gathering details about the system, it sends them to its command & control (C2) server.
The researchers posit that the malware downloads a ransomware in the fourth stage. However they’ve been unable to put this to test as the C2 server failed to respond to the malware’s calls during the researcher’s tests.
In any case, the simplest mitigation for this malware is to switch to another web browser. Microsoft Edge has become the default web browser in Windows 10, for all intents and purposes, which only keeps IE around to maintain compatibility with older websites that still use legacy Microsoft web technologies.
- Protect your devices with these best antivirus software (opens in new tab)