RIG Exploit Kit

A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan.

“When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN logins) to a remote command and control server,” Bitdefender said in a new report shared with The Hacker News.

Most of the infections are located in Brazil and Germany, followed by the U.S., Egypt, Canada, China, and Poland, among others.

Exploit kits, or exploit packs, are comprehensive tools that contain a collection of exploits designed to take advantage of vulnerabilities in commonly used software, scanning infected systems for different kinds of flaws and deploying additional malware.

The primary infection method used by attackers to distribute exploit kits, in this case the RIG Exploit Kit, is through compromised websites that, when visited, drop the exploit code to ultimately deliver the RedLine Stealer payload and carry out follow-on attacks.


The flaw in question is CVE-2021-26411 (CVSS score: 8.8), a memory corruption vulnerability affecting Internet Explorer that has previously been weaponized by North Korea-linked threat actors. It was addressed by Microsoft as part of its Patch Tuesday updates for March 2021.

“The RedLine Stealer sample delivered by RIG EK comes packed in multiple encryption layers […] to avoid detection,” the Romanian cybersecurity company noted, with the unpacking of the malware progressing through as many as six stages.

RedLine Stealer, an information-stealing malware sold on underground forums, comes with features to exfiltrate passwords, cookies, and credit card information saved in browsers, as well as crypto wallets, chat logs, VPN login credentials, and text from files, according to commands received from a remote server.

This is far from the only campaign that involves the distribution of RedLine Stealer. In February 2022, HP detailed a social engineering attack that used fake Windows 11 upgrade installers to trick Windows 10 users into downloading and executing the malware.
