Threat actors still use RIG Exploit Kit for malware distribution

June 29, 2022

RIG is a notorious exploit kit that can spread different malware variants. Researchers first discovered the kit in 2014; it can uniquely combine with web technologies such as DoSWF, Flash Player, and VBScript to bypass security solutions.

However, the kit has drawn attention again after researchers observed new activity in which it is used to deploy the Dridex trojan.

The exploit kit's operators have replaced the Raccoon Stealer malware with the Dridex trojan as part of a campaign that started in January last year. The switch in payload began after Raccoon Stealer temporarily closed its operations last February.

Raccoon Stealer's operation was completely terminated last March. However, the RIG Exploit Kit allowed its operators to recover and adjust immediately by substituting the payloads used in the attacks.

RIG Exploit Kit only slightly changed its malware deployment, but its activity showed that it could adjust quickly even when its operation hit a bump, such as the closure of Raccoon Stealer.

Last April, the exploit kit's operators used it in conjunction with RedLine Stealer in new cybercriminal activity. The latest campaign exploited an Internet Explorer flaw to spread that stealer.

After execution, the stealer could exfiltrate credentials and information such as passwords, browser cookies, and credit card data saved in cryptocurrency wallets and browsers. It could also steal text from files and VPN login credentials.

The researchers indicated that the exploit kit's ability to swiftly swap payloads shows that the threat actors operating RIG are quick and agile in adapting to unexpected changes. Therefore, organisations should strengthen their defences and constantly monitor their environments to identify and address threats at an early stage.

Lastly, organisations should also keep tabs on current trends and threats to learn how to counteract such activity.
