Threat actors operating the ongoing RIG Exploit Kit campaign, which commenced in January, have begun leveraging the Dridex financial trojan, also known as Cridex or Bugat, in place of the Raccoon Stealer malware, according to The Hacker News.
Bitdefender researchers discovered that the switch to Dridex occurred following the temporary closure of the Raccoon Stealer project after the demise of one of the operation's main developers amid the conflict between Russia and Ukraine. RedLine Stealer was also found to be distributed in a RIG Exploit Kit campaign exploiting the already-patched Internet Explorer vulnerability tracked as CVE-2021-26411. A similar campaign last May abused other Internet Explorer flaws to deliver the WastedLoader malware.
"This once again demonstrates that threat actors are agile and quick to adapt to change. By design, Rig Exploit Kit allows for rapid substitution of payloads in case of detection or compromise, which helps cyber criminal groups recover from disruption or environmental changes," said researchers.
Malicious updates have recently been issued to the Python Package Index package "django-log-tracker," which was last modified in April 2022, to facilitate the distribution of the Nova Sentinel information-stealing malware, The Hacker News reports.