The operators behind the Rig Exploit Package have swapped the Raccoon Stealer malware for the Dridex monetary trojan as a part of an ongoing marketing campaign that commenced in January 2022.
The swap in modus operandi, noticed by Romanian firm Bitdefender, comes within the wake of Raccoon Stealer quickly closing the venture after one among its crew members answerable for vital operations handed away within the Russo-Ukrainian battle in March 2022.
The Rig Exploit Package is notable for its abuse of browser exploits to distribute an array of malware. First noticed in 2019, Raccoon Stealer is a credential-stealing trojan that is marketed and bought on underground boards as a malware-as-a-service (MaaS) for $200 a month.
That mentioned, the Raccoon Stealer actors are already engaged on a second model that is anticipated to be “rewritten from scratch and optimized.” However the void left by the malware’s exit is being crammed by different info stealers comparable to RedLine Stealer and Vidar.
Dridex (aka Bugat and Cridex), for its half, has the aptitude to obtain extra payloads, infiltrate browsers to steal buyer login info entered on banking web sites, seize screenshots, and log keystrokes, amongst others, via completely different modules that permit its performance to be prolonged at will.
In April 2022, Bitdefender found one other Rig Exploit Package marketing campaign distributing the RedLine Stealer trojan by exploiting an Web Explorer flaw patched by Microsoft final yr (CVE-2021-26411).
That is not all. Final Might, a separate marketing campaign exploited two scripting engine vulnerabilities in unpatched Web Explorer browsers (CVE-2019-0752 and CVE-2018-8174) to ship a malware referred to as WastedLoader, so named for its similarities to WasterLocker however missing the ransomware element.
“This as soon as once more demonstrates that risk actors are agile and fast to adapt to alter,” the cybersecurity agency mentioned. “By design, Rig Exploit Package permits for fast substitution of payloads in case of detection or compromise, which helps cyber prison teams recuperate from disruption or environmental adjustments.”
