Here's yet another reason not to use Internet Explorer

By Mayank Sharma
published

The malware spreads via malicious online ads on legitimate websites

Hacked off
(Image credit: Shutterstock)

Cybersecurity (opens in new tab) researchers have identified a new variant of the WastedLocker malware that exploits two scripting engine vulnerabilities in unpatched Internet Explorer web browsers (opens in new tab).

The new malware builds on the RIG Exploit Kit campaign, and was first discovered by Bitdefender (opens in new tab) researchers in February 2021.

Unlike the earlier campaign, this new malware is missing the ransomware (opens in new tab) component. Since it merely acts as a loader, the researchers have named it WastedLoader.

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window (opens in new tab)<<

According to the researcher's analysis, the new WastedLoader campaign (opens in new tab) mostly attacked targets in Europe and the Americas.

Ransomware on demand

In their analysis, the researchers note that the malware’s exploitation chain starts with a malicious ad that’s put up on legitimate websites. 

Clicking the malicious ad redirects potential victims to the landing page of “RIG EK”, which then serves two exploits based on the two IE vulnerabilities. Both of them are individually capable of downloading and executing the malware.

The campaign builds on proof-of-concept exploits for the two VBScript vulnerabilities to download, decrypt, and execute the malware.

The researchers note that the authors even put up an icon and a brief fake description for the malware to make it look like a legitimate process. 

The malware works in four stages. After gathering details about the system, it sends them to its command & control (C2) server. 

The researchers posit that the malware downloads a ransomware in the fourth stage. However they’ve been unable to put this to test as the C2 server failed to respond to the malware’s calls during the researcher’s tests.

In any case, the simplest mitigation for this malware is to switch to another web browser. Microsoft Edge has become the default web browser in Windows 10, for all intents and purposes, which only keeps IE around to maintain compatibility with older websites that still use legacy Microsoft web technologies. 

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

See more Computing news