23 June 2022

RIG Exploit Kit infects systems with Dridex instead of Raccoon due to death of the latter’s developer


Hackers are now using the RIG Exploit Kit to deliver the Dridex banking trojan instead of Raccoon Stealer, which the kit had distributed previously.

Bitdefender Cyber Threat Intelligence Lab first spotted this trend in January 2022. According to the researchers, the switch was prompted by a temporary halt in Raccoon Stealer's activity in February, when one of its developers was killed in the Russian invasion of Ukraine.

First observed in April 2019, Raccoon Stealer is written in C++. It targets a critical vulnerability in Internet Explorer (CVE-2021-26411) that leads to remote code execution. The malware is able to steal credit card data, email credentials, cryptocurrency wallets, and other sensitive information. The info stealer is sold as MaaS (malware-as-a-service) for $200 per month, with its operators providing subscribers an automated backend panel, bulletproof hosting, and 24/7 support.

Although Raccoon Stealer is no longer operational, the hackers behind this RIG Exploit Kit campaign chose not to halt their operation and quickly replaced it with the Dridex banking trojan.

The Dridex malware first appeared in 2012, and by 2015 it had become one of the most prevalent banking trojans. It is built from multiple modules, which are capable of capturing screenshots, acting as a virtual machine, or incorporating the victim machine into a botnet. Dridex can also steal data from browsers, detect access to online banking applications and websites, and inject keyloggers.
