Security News Malvertising Campaign Using RIG EK Detected Pushing CrypMIC Ransomware

Exterminator

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Security experts from Heimdal Security are warning against a new wave of malvertising that redirects users to malicious websites hosting the RIG exploit kit, which in the end infects victims with the CrypMIC ransomware.

This most recent wave of infections comes on the heels of a malvertising campaign that Cisco and GoDaddy brought down at the start of the month.

That particular malvertising campaign was exploiting advertising companies that deployed OpenX servers in order to inject malicious JavaScript code inside ads and redirect users to malicious websites hosting the Neutrino exploit kit.

Heimdal now says that there's an increase in the number of malvertising attacks that are leveraging the RIG exploit kit.

"RIG exploit kit has been spotted in several campaigns that use an 'iframe src' as the malicious inject to divert traffic to the arbitrary web pages created through domain shadowing," Heimdal's Andra Zaharia wrote today.

These RIG exploit kit installations use several recently disclosed Flash vulnerabilities to infect users with the same payload as the Neutrino campaigns, the CrypMIC ransomware.

This particular ransomware appeared over the summer, and it is a clone - with some variations - of the more famous CryptXXX ransomware.

A recent report released by Digital Shadows reveals that RIG is one of the five active exploit kits left on the market today, along with Neutrino, Magnitude, Sundown, and the lesser known Hunter EK.

Click to expand...
 
  • Like
Reactions: Der.Reisende, XhenEd, frogboy and 6 others
Andra Zaharia

Andra Zaharia

From Heimdal
Verified
Jun 29, 2015
104
exterminator20 said:
Security experts from Heimdal Security are warning against a new wave of malvertising that redirects users to malicious websites hosting the RIG exploit kit, which in the end infects victims with the CrypMIC ransomware.

This most recent wave of infections comes on the heels of a malvertising campaign that Cisco and GoDaddy brought down at the start of the month.

That particular malvertising campaign was exploiting advertising companies that deployed OpenX servers in order to inject malicious JavaScript code inside ads and redirect users to malicious websites hosting the Neutrino exploit kit.

Heimdal now says that there's an increase in the number of malvertising attacks that are leveraging the RIG exploit kit.

"RIG exploit kit has been spotted in several campaigns that use an 'iframe src' as the malicious inject to divert traffic to the arbitrary web pages created through domain shadowing," Heimdal's Andra Zaharia wrote today.

These RIG exploit kit installations use several recently disclosed Flash vulnerabilities to infect users with the same payload as the Neutrino campaigns, the CrypMIC ransomware.

This particular ransomware appeared over the summer, and it is a clone - with some variations - of the more famous CryptXXX ransomware.
Click to expand...

I'm glad you found our alert helpful! If any new info pops up, we'll make sure to update it.
 
  • Like
Reactions: Der.Reisende, XhenEd, frogboy and 3 others
L

LabZero

Malversting attacks can seem very complex, but often they can be controlled in a very simple way: turning off Flash, become a honeypot for criminals and using Sandboxie to lock down the browser in protected area that it can also deleted automatically by closing SB.
 
  • Like
Reactions: Der.Reisende, XhenEd, frogboy and 1 other person
Andra Zaharia

Andra Zaharia

From Heimdal
Verified
Jun 29, 2015
104
LabZero said:
Malversting attacks can seem very complex, but often they can be controlled in a very simple way: turning off Flash, become a honeypot for criminals and using Sandboxie to lock down the browser in protected area that it can also deleted automatically by closing SB.
Click to expand...

And I'd add another one to that: always keep your software up to date!
 
  • Like
Reactions: Der.Reisende, frogboy, LabZero and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
RIG Exploit Kit still infects enterprise users via Internet Explorer
Replies
0
Views
493
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
upnorth
    • +Reputation
    • Like
    • Thanks
Nitrogen Ransomware Effort Lures IT Pros via Google, Bing Ads
Replies
1
Views
1,275
News Archive
Sandbox Breaker
Sandbox Breaker
silversurfer
    • Like
    • +Reputation
Malware News Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
Replies
0
Views
1,070
Security News
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top