Cybersecurity researchers have identified a new variant of the WastedLocker malware that exploits two scripting engine vulnerabilities in unpatched Internet Explorer web browsers. The new malware is based on the RIG Exploit Kit campaign and was first discovered by Bitdefender researchers in February 2021. Unlike the previous campaign, this new malware does not have the ransomware component. Since it simply acts as a loader, the researchers named it WastedLoader.
LaComparacion needs you! We're taking a look at how our readers are using VPNs for an upcoming in-depth report. We'd love to hear from you in the survey below. It won't take more than 60 seconds of your time.
Click here to start the survey in a new window
According to the researcher's analysis, the new WastedLoader campaign primarily targeted targets in Europe and America.
On-demand ransomware
In their analysis, the researchers note that the malware exploitation chain begins with malvertising placed on legitimate websites. By clicking on the malicious ad, potential victims are redirected to the "RIG EK" landing page, which then offers two exploits based on the two IE vulnerabilities. Both are individually capable of downloading and executing the malware. The campaign relies on proof-of-concept exploits for the two VBScript vulnerabilities to download, decrypt, and execute the malware. The researchers note that the authors even placed a fake icon and brief description of the malware to make it pass as a legitimate process. The malware works in four stages. After collecting details about the system, it sends them to its command and control (C2) server. Researchers claim that the malware downloads ransomware in the fourth stage. However, they were unable to test this because the C2 server did not respond to malware calls during the researcher's tests. Either way, the easiest mitigation for this malware is to switch to a different web browser. Microsoft Edge has become the default web browser for Windows 10, for all intents and purposes, providing only IE to maintain compatibility with older websites still using Microsoft's legacy web technologies.