Method: Latest updates on the RIG Exploit Kit

On May 31st, Trend Micro posted a technical analysis of updates to the RIG Exploit Kit. The updates include the delivery of cryptocurrency mining malware as its final payload. RIG has recently been observed exploiting CVE-2018-8174, which affects the VBScript engine accessed by Internet Explorer and Microsoft Office documents on systems running Windows 7 and later. Previously, RIG was observed delivering GandCrab ransomware and Panda Banker as its payload. Distributing cryptocurrency mining malware is a new trend from the actors that run RIG. Following its previous methods of distribution, RIG uses malvertisements with a hidden iframe that redirects victims to RIG’s landing page, where the second stage of the attack is downloaded and then used to download a Monero miner.

The Proficio Threat Intelligence Recommendations:

  • Note the trend of cybercriminal threat actors moving away from distributing banking trojans and ransomware and instead distributing cryptocurrency mining malware.
  • Be aware of indicators of cryptocurrency mining malware on systems such as increased CPU utilization and slow performance of the operating system.