The RIG Exploit kit, which infected 1.3 million devices a few years ago, is back and is up to no good.
The RIG Exploit kit was responsible for infecting computers worldwide at a pace, on average, of 27,000 per day, according to statistics released in 2015.
The crippling malware is back in the form of something called CEIDPageLock, which is “spread by the RIG Exploit kit”, according to Check Point, an IT security products company.
Today, RIG is the most active exploit kit, according to Trend Micro. In the second half of 2017, a large number of exploit kits were gone, but RIG has stuck around, Trend Micro said.
This version of the malware, which focuses on Windows systems, tries to hijack your browser and sets your homepage to 2345.com, a Chinese web directory, according to Check Point.
“It is an illustrative example of the economic incentive for attackers,” Asaf Cidon, vice president of email security services at Barracuda Networks, told Fox News in an e-mail.
“Instead of using the malware as a vehicle for ransomware, they prefer to use it as a mechanism for stealing credentials unnoticed, and then using that to launch follow-up attacks from the compromised account,” Cidon added.
That economic incentive is realized when a hijacked browser redirects victims to search engines that share ad revenue with the referrer, Check Point said.
The malware also collects browsing data on victims, monitoring the sites users visit and how long they spend on those sites. “They then use the information to target their advertising campaigns or to sell to other companies who use the data to focus their marketing content,” according to Check Point.
The malware also contains VMProtect, making analysis difficult, Check Point added.
The infection rate for this new RIG Exploit kit malware has so far been low, and it has mainly affected users in China, but the potential to break out, based on its success, is there.
“The ability to execute code on an infected device during use of the [software] kernel, in combination with the persistence of the malware, makes it a potentially perfect back door,” Check Point said.
The rootkit was discovered by 360 Security Center.