
New RIG Exploit Kit Campaign Drops Redline Stealer Malware

by Abeerah Hashim

Researchers have discovered a new malicious campaign that exploits an Internet Explorer vulnerability. This campaign involves the RIG Exploit Kit that infects target systems with Redline Stealer malware.

RIG Exploit Kit Deploying Redline Stealer

According to a recent post from Bitdefender, the researchers have caught a new RIG Exploit Kit campaign in the wild, dropping Redline Stealer.

The latest malicious campaign exploits an Internet Explorer vulnerability, CVE-2021-26411. Discovered last year, this vulnerability allows an attacker to execute code on the target system via a maliciously crafted HTML file. The bug affected the Internet Explorer and Microsoft Edge browsers.

Microsoft patched it in March 2021, after finding the vulnerability under active exploitation. However, the recent RIG EK campaign appears to rely on the common failure to apply patches promptly. Hence, despite the fix, the campaign successfully exploits the bug to infect unpatched systems with Redline Stealer.

Redline Stealer is a potent information-stealing malware. Describing its activities, the researchers stated in their post:

If executed, the stealer exfiltrates passwords, cookies and credit card data saved in browsers, as well as crypto wallets, chat logs, VPN login credentials and text from files as per the instructions received from the C2 infrastructure.

Besides, Bitdefender has also shared a detailed white paper on Redline Stealer malware.

The recent campaign is the second instance lately that disseminates Redline Stealer. Before the RIG Exploit Kit, a new malware, “ZingoStealer”, made news for executing malicious attacks that also included dropping Redline Stealer on target systems.

Researchers have advised users to remain careful about securing their systems. A few key steps that can significantly reduce the likelihood of a successful attack include keeping systems up to date with the latest updates and patches, updating all software and apps installed on them, and running robust antimalware and EDR solutions to detect and block such threats.
