Cryptominer malware in RIG EK spread via malvertising
Malwarebytes researcher Jerome Segura analyzed a RIG exploit kit campaign that distributes coin-mining malware through drive-by download attacks originating from malvertising.
Around November 2017, Segura began noticing exploit kits containing larger-than-usual payloads carrying one or more cryptominers for Monero and other popular currencies such as Bytecoin and Electroneum, according to a Jan. 9 blog post.
In the Ngay campaign, researchers noticed various redirection techniques used to download the RIG EK and infect users with processes that mine multiple cryptocurrencies in a single attack.