Tag Archive for: ‘Dridex’

RIG Exploit Kit Now Infects Victims’ PCs With Dridex Instead of Raccoon Stealer

The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022.

The switch in modus operandi, spotted by the Romanian security company Bitdefender, comes in the wake of Raccoon Stealer temporarily shutting down the project after one of its team members responsible for critical operations died in the Russo-Ukrainian war in March 2022.

The Rig Exploit Kit is notable for its abuse of browser exploits to distribute an array of malware. First spotted in 2019, Raccoon Stealer is a credential-stealing trojan that’s advertised and sold on underground forums as a malware-as-a-service (MaaS) for $200 a month.
That said, the Raccoon Stealer actors are already working on a second version that’s expected to be “rewritten from scratch and optimized.” But the void left by the malware’s exit is being filled by other information stealers such as RedLine Stealer and Vidar.

Dridex (aka Bugat and Cridex), for its part, can download additional payloads, hook into browsers to steal login credentials entered on banking websites, capture screenshots and log keystrokes, among other things, through separate modules that allow its functionality to be extended at will.
In April 2022, Bitdefender discovered another Rig Exploit Kit campaign distributing the RedLine Stealer trojan by exploiting an Internet Explorer flaw patched by Microsoft last year (CVE-2021-26411).
That’s not all. Last May, a separate campaign exploited two scripting engine vulnerabilities in unpatched Internet Explorer browsers (CVE-2019-0752 and CVE-2018-8174) to deliver a malware called WastedLoader, so named for its similarities to WastedLocker but lacking the ransomware component.

“This once again demonstrates that threat actors are agile and quick to adapt to change,” the cybersecurity firm said. “By design, Rig Exploit Kit allows for rapid substitution of payloads in case of detection or compromise, which helps cybercriminal groups recover from disruption or environmental changes.”
Most wanted malware Dridex remains in top position amidst global surge in ransomware attacks


The Dridex trojan is the most prevalent malware for the second month running, according to Check Point Research.

The trojan is often used in the initial stages of ransomware attacks.

Check Point Research has published its latest Global Threat Index for April 2021. Researchers report that, for the first time, AgentTesla has ranked second in the Index.

This month, Dridex, a Trojan that targets the Windows platform, spread via a QuickBooks malspam campaign. The phishing emails used QuickBooks branding and tried to lure the user with fake payment notifications and invoices. The email content asked recipients to download a malicious Microsoft Excel attachment that could infect the system with Dridex.

According to CPR, this malware is often used as the initial infection stage in ransomware operations, where hackers encrypt an organisation’s data and demand a ransom in order to decrypt it.

Increasingly, these hackers are using double extortion methods, where they steal sensitive data from an organisation and threaten to release it publicly unless a payment is made.

CPR reported in March that ransomware attacks had increased by 57% at the beginning of 2021, but the trend has continued to climb and now stands at a 107% increase over the equivalent period last year. Most recently, Colonial Pipeline, a major US fuel company, was the victim of such an attack, and in 2020 ransomware is estimated to have cost businesses worldwide around $20 billion, a figure nearly 75% higher than in 2019.

For the first time, AgentTesla ranked in second place in the top malware list. AgentTesla is an advanced RAT (remote access Trojan) that has been active since 2014 and functions as a keylogger and password stealer. This RAT can monitor and collect the victim’s keyboard input and system clipboard, record screenshots, and exfiltrate credentials entered into a variety of software installed on the victim’s machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client).

This month saw an increase in AgentTesla campaigns, which spread via malspam. The email content asks the recipient to download a file (it can be any file type) that could cause the…