
RIG Exploit Kit Swaps Dead Raccoon with Dridex


In January 2022, the Cyber Threat Intelligence Lab started tracking a RIG Exploit Kit campaign pushing Raccoon Stealer – a credential-stealing Trojan advertised and sold on underground forums as malware-as-a-service for $200 a month.

RIG Exploit Kit is known to be used in conjunction with stealers such as RedLine (documented by Bitdefender earlier in April). The campaign tracked by Bitdefender took an unexpected turn in February, when Raccoon Stealer came to a temporary halt after one of its lead developers was killed in the Russian invasion of Ukraine.

Although the stealer is no longer operational, the threat actors running this RIG campaign have rapidly adapted, replacing the Raccoon malware with Dridex to make the most of the ongoing campaign. The diagram below shows a drop in pushed payloads around Feb 20, but operations continue undisrupted despite the termination of Raccoon Stealer in late March.

This once again demonstrates that threat actors are agile and quick to adapt to change. By design, RIG Exploit Kit allows for rapid substitution of payloads in case of detection or compromise, which helps cyber-criminal groups recover from disruption or environmental changes.

Despite the bumps in the road, Raccoon Stealer is not gone; it’s just on a break – the first one since 2019. If you want to learn more about it, we have a deep-dive whitepaper available for download below:

Download the Raccoon Stealer Whitepaper

RIG Exploit Kit Swaps Dead Raccoon with Dridex, by Mihai NEAGU and George MIHALI