RIG EK – WindowsTechs.com

CVE-2018-8174 Vulnerability Used by Rig Exploit Kit

Posted on June 1, 2018 by Milena Dimitrova

Security researchers have been following the activity surrounding the infamous Rig exploit kit. In these campaigns, attackers are compromising websites to inject a malicious script that redirects potential victims to the EK’s landing page. This a… Continue reading CVE-2018-8174 Vulnerability Used by Rig Exploit Kit→

RIG EK Still Makes Waves, This Time with a Stealthy Backdoor

Posted on May 16, 2018 by Tara Seals

The main purpose of Grobios malware is to help attacker establish a strong, persistent foothold in a victim’s system, in order to drop additional payloads later. Continue reading RIG EK Still Makes Waves, This Time with a Stealthy Backdoor→

RIG exploit kit campaign gets deep into crypto craze

Posted on January 9, 2018 by Jérôme Segura

We take a look at a prolific campaign that is focused on the distribution of coin miners via drive-by download attacks. We started to notice larger-than-usual payloads from the RIG exploit kit around November 2017, a trend that has continued more … Continue reading RIG exploit kit campaign gets deep into crypto craze→

Elusive Moker Trojan is back

Posted on April 21, 2017 by Malwarebytes Labs

We finally have gotten our hands on a sample of Moker Trojan (that was discovered in 2015). This article will be a deep dive in its capabilities.
Categories:
Malware
Threat analysis
Tags: EKexploit kitmalwareMokerratRIG EKtrojan

Websites compromised in ‘Decimal IP’ campaign

Posted on March 29, 2017 by Jérôme Segura

This URL is quite probably unlike anything you’ve ever seen before and yet still works and redirects to malware.

Categories:

Tags: 1760468715 EK malware RIG EK RIG exploit kit site hacks

(Read more…)

The post Websites compromised in ‘Decimal IP’ campaign appeared first on Malwarebytes Labs.

Continue reading Websites compromised in ‘Decimal IP’ campaign→

The HookAds malvertising campaign

Posted on November 1, 2016 by Jérôme Segura

In this post we take a look at a malvertising campaign that we traced back to late August and that is targeting adult traffic. While initially pushing the Neutrino exploit kit, it switched to RIG EK in September. We estimate that at least one million v… Continue reading The HookAds malvertising campaign→

The HookAds malvertising campaign

Posted on November 1, 2016 by Jérôme Segura

New-looking Sundown EK drops Smoke Loader, Kronos banker

Posted on October 17, 2016 by Jérôme Segura

In this post we take a quick glance at some changes made to the Sundown exploit kit. The landing page has been tweaked and uses various obfuscation techniques. Sundown is used in some smaller campaigns and in this particular case dropped a downloader f… Continue reading New-looking Sundown EK drops Smoke Loader, Kronos banker→

Just For Men website serves malware

Posted on September 20, 2016 by Jérôme Segura

The website for Just For Men, a company that sells various products for men, had their website breached and was serving a password stealing Trojan. The malicious code embedded in the WordPress site was part of the EITest campaign and pushed the RIG exp… Continue reading Just For Men website serves malware→

Exploit kit shakedown: RIG EK grabs Neutrino EK campaigns

Posted on August 16, 2016 by Jérôme Segura

Something unusual happened in the exploit kit ecosystem. Two well-known malware distribution campaigns switched from Neutrino EK to RIG EK. A temporary blip or a more durable change? Only time will tell.Categories: ExploitsTags: exploit kitsneutrinoRIG… Continue reading Exploit kit shakedown: RIG EK grabs Neutrino EK campaigns→