WastedLoader: Cyber criminals target unpatched Internet Explorer with malvertising. With WastedLoader, Bitdefender has discovered a new variant of the dangerous ransomware malware "WastedLocker".
A malicious ad malware on a legitimate website redirects to the RIG EK landing page, which played two exploits (Image: Bitdefender).
It is part of a new RIG exploit kit campaign and attacks users via unpatched versions of Internet Explorer. The campaign uses VBScript vulnerabilities for this purpose when users visit a legitimate website and click on malicious advertising (malvertising). The variant is also able to deliver a ransomware component, but does not yet do so in its current version.
WastedLoader ransomware
The new variant, called WastedLoader by Bitdefender, communicates with a Command & Control server that acts as a downloader to inject various payloads into memory. The campaign was discovered in February 2021 and is still active. Bitdefender strongly advises businesses and users to apply the latest patches to the Internet Explorers they use. Bitdefender endpoint security and EDR solutions protect users.
Bitdefender researchers were able to reconstruct the WastedLoader kill chain and identify all the tools required to date in this attack. All WastedLoader documentation can be downloaded from Bitdefender online.
More at Bitdefender.com
About Bitdefender Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de