23 June 2022

RIG Exploit Kit infects systems with Dridex instead of Raccoon due to death of the latter’s developer

Hackers are now using the RIG Exploit Kit to deliver the Dridex banking trojan instead of Raccoon Stealer, which the kit had previously dropped.

Bitdefender Cyber Threat Intelligence Lab first spotted this trend in January 2022. According to the researchers, this switch was caused by a temporary cessation of Raccoon Stealer’s activity in February when one of its developers was killed in the Russian invasion of Ukraine.

First observed in April 2019, Raccoon Stealer is written in C++. It targets a critical vulnerability in Internet Explorer (CVE-2021-26411), which leads to remote code execution. The malware is able to steal credit card data, email credentials, cryptocurrency wallets, and other sensitive information. The info stealer is distributed as MaaS (malware-as-a-service) for $200 per month. Its operators provide their subscribers with an automated backend panel, bulletproof hosting, and 24/7 support.

Despite the fact that Raccoon Stealer is no longer operational, the hackers behind this new RIG Exploit Kit campaign decided not to stop their operation and quickly replaced it with the Dridex banking trojan.

The Dridex malware first appeared in 2012, and by 2015 it had become one of the most prevalent banking trojans. It consists of multiple modules, which are capable of capturing screenshots, acting as a virtual machine, or incorporating the victim machine into a botnet. Dridex can also steal data from browsers, detect access to online banking applications and websites, and inject keyloggers.
