Threat actors operating the ongoing RIG Exploit Kit campaign, which commenced in January, have begun leveraging the Dridex financial trojan, also known as Cridex or Bugat, in place of the Raccoon Stealer malware, according to The Hacker News.
Bitdefender researchers found that the switch to Dridex followed the temporary closure of the Raccoon Stealer project after the demise of one of the operation's main developers amid the conflict between Russia and Ukraine. RedLine Stealer was also identified as being distributed in a RIG Exploit Kit campaign exploiting the already-patched Internet Explorer vulnerability tracked as CVE-2021-26411, and a similar campaign last May abused other Internet Explorer flaws to deliver the WastedLoader malware.
"This once again demonstrates that threat actors are agile and quick to adapt to change. By design, Rig Exploit Kit allows for rapid substitution of payloads in case of detection or compromise, which helps cyber criminal groups recover from disruption or environmental changes," said researchers.
Malware, Vulnerability Management
Dridex trojan supplants Raccoon Stealer in ongoing Rig Exploit Kit campaign