RIG is one of the exploit kits frequently used to spread different infections. The kit, first discovered in 2014, has the unusual ability to blend with several web technologies, like C, to avoid detection. According to a recent study, threat actors using the RIG exploit kit may now be dropping the famed Dridex malware.
What is the issue?
Researchers from Bitdefender claim that, as part of an ongoing effort that started in January 2021, the creators of the RIG exploit kit have replaced the Raccoon Stealer virus with the Dridex trojan.
The change in the mode of operation followed after Raccoon Stealer momentarily ceased operations in February 2022.
Despite Raccoon Stealer’s total termination in late March, its operators were able to recover quickly from the interruption and swap out the payloads thanks to a special feature of the RIG exploit kit.
Other recent RIG operations
The exploit kit and RedLine Stealer were combined in a new campaign in April.
To spread the virus, the campaign made use of an Internet Explorer vulnerability.
Once activated, the stealer was able to steal credit card information, cookies, and passwords stored in browsers and cryptocurrency wallets. The stealer might also grab text from files and VPN login information.
The conclusion
Researchers from Bitdefender point out that the capacity to switch payloads instantly shows how adaptable and nimble threat actors are. To detect and eliminate threats at an early stage, businesses must strengthen their protection systems and routinely monitor activity.