On May 31st, Trend Micro posted a technical analysis of updates to the RIG Exploit Kit. The updates include the delivery of cryptocurrency mining malware as its final payload. Recently, RIG has been observed exploiting CVE-2018-8174, which affects the VBScript Engine used by Internet Explorer and Microsoft Office documents on systems running Windows 7 and later. Previously, RIG was observed delivering GandCrab ransomware and Panda Banker as its payload. Distributing cryptocurrency mining malware is a new trend for the actors that run RIG. Following its previous distribution methods, RIG uses malvertisements containing a hidden iframe that redirects victims to RIG's landing page, where the second stage of the attack is retrieved and then used to download a Monero miner.
The Proficio Threat Intelligence Recommendations:
- Note the trend of cybercriminal threat actors moving away from distributing banking trojans and ransomware and instead distributing cryptocurrency mining malware.
- Be aware of indicators of cryptocurrency mining malware on systems such as increased CPU utilization and slow performance of the operating system.