Bitdefender Labs uncovers a global campaign to distribute RedLine Stealer malware
Threat analysts have uncovered yet another campaign that uses the RIG Exploit Kit to deliver the RedLine stealer malware.
Exploit kits (EKs) have dropped drastically in popularity because they targeted vulnerabilities introduced into web browsers by plug-in software such as the now-defunct Flash Player and Microsoft Silverlight.
As web browsers grew more secure and introduced automatic updates for all their components or replaced them with modern standards, the use of EKs to distribute malware has declined to the point that they are a rare encounter these days. However, as there are still users running browsers without the latest security updates, Internet Explorer in particular, EKs have not completely run out of targets. The recently investigated campaign relying on RIG EK leverages CVE-2021-26411, an Internet Explorer vulnerability that causes memory corruption when viewing a specially crafted website.
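Because the campaign described above depends on clients still browsing with Internet Explorer, one thing a defender can do immediately is inventory which hosts present an Internet Explorer user agent at the web proxy. The following added example (not code from Bitdefender or from the article) parses a handful of constructed proxy log lines in an assumed format (timestamp, client IP, method, URL, status, quoted user agent) and reports, per client IP, which IE major versions were seen and how often; both the log format and the sample lines are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines (assumed format, not from the article):
# timestamp client_ip method url status "user-agent"
SAMPLE_LOG = [
    '2022-04-01T10:00:01Z 10.0.0.5 GET https://example.test/ 200 '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) '
    'Chrome/99.0.4844.84 Safari/537.36"',
    '2022-04-01T10:00:02Z 10.0.0.7 GET http://example.test/news 200 '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"',
    '2022-04-01T10:00:03Z 10.0.0.9 GET http://example.test/ads 200 '
    '"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"',
    '2022-04-01T10:00:04Z 10.0.0.7 GET http://example.test/img 200 '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"',
    'malformed line without a user agent',
]

# One log line: fields separated by single spaces, user agent quoted at the end.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)
# Legacy IE (<= 10) announces itself as "MSIE <major>.<minor>".
MSIE_RE = re.compile(r'MSIE (\d+)\.\d+')
# IE 11 dropped the MSIE token; it is recognisable by the Trident engine plus "rv:11.0".
TRIDENT_RE = re.compile(r'Trident/\d+\.\d+;.*?rv:(\d+)\.\d+')


def ie_version(user_agent):
    """Return the Internet Explorer major version in a user agent, or None if not IE."""
    m = MSIE_RE.search(user_agent)
    if m:
        return int(m.group(1))
    m = TRIDENT_RE.search(user_agent)
    if m:
        return int(m.group(1))
    return None


def find_ie_clients(log_lines):
    """Map client IP -> {ie_major_version: request_count} for requests made by IE.

    Lines that do not match the expected format are skipped rather than
    aborting the run, so a partially corrupted log still yields a report.
    """
    hosts = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        version = ie_version(m.group('ua'))
        if version is None:
            continue
        hosts[m.group('ip')][version] += 1
    return {ip: dict(versions) for ip, versions in hosts.items()}


def report(log_lines):
    """Human-readable summary, one line per client still using Internet Explorer."""
    lines = []
    for ip, versions in sorted(find_ie_clients(log_lines).items()):
        detail = ', '.join(f'IE {v} x{n}' for v, n in sorted(versions.items()))
        lines.append(f'{ip}: {detail}')
    return lines


if __name__ == '__main__':
    for line in report(SAMPLE_LOG):
        print(line)
```

Hosts listed by this report are the ones worth checking for the security update addressing CVE-2021-26411 and, more generally, for migration off Internet Explorer; user agent strings can be spoofed, so treat the output as a starting inventory rather than proof of the installed browser.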
The threat actors use the exploit to compromise the machine and deploy RedLine, a cheap but powerful info-stealing malware widely circulated on Russian-speaking forums.
From there, the adversaries exfiltrate sensitive user details such as cryptocurrency wallet keys, credit card details, and account credentials stored on web browsers.
The recent campaign was discovered by researchers at Bitdefender, who found that RIG EK incorporates CVE-2021-26411 to initiate an infection process that smuggles a copy of RedLine stealer on the target in packed form.