RIG Exploit Kit | Breaking Cybersecurity News | The Hacker News

The RIG exploit kit (EK) touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT  said  in an exhaustive report shared with The Hacker News. "Although it has yet to substantially change its exploits in its more recent activity, the type and version of the malware they distribute constantly change. The frequency of updating samples ranges from weekly to daily updates." Exploit kits are programs used to distribute malware to large numbers of victims by taking advantage of known security flaws in commonly-used software such as web browsers. The fact that  RIG EK  runs as a service model means threat actors can financially compensate the RIG EK administrator for installing malware of their choice on victim machines. The RIG EK operators primarily employ malvertising to ensure a high infection rate and large-scale

The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi,  spotted  by Romanian company Bitdefender, comes in the wake of Raccoon Stealer  temporarily closing the project  after one of its team members responsible for critical operations passed away in the Russo-Ukrainian war in March 2022. The Rig Exploit Kit is notable for its abuse of browser exploits to distribute an array of malware. First spotted in 2019, Raccoon Stealer is a credential-stealing trojan that's advertised and sold on underground forums as a malware-as-a-service (MaaS) for $200 a month. That said, the Raccoon Stealer actors are already working on a second version that's expected to be "rewritten from scratch and optimized." But the void left by the malware's exit is being filled by other information stealers such as RedLine Stealer and Vidar.

The official website of the popular cross-platform JavaScript library jQuery (jquery.com) has been compromised and redirecting its visitors to a third-party website hosting the RIG exploit kit , in order to distribute information-stealing malware. JQuery is a free and open source JavaScript library designed to simplify the client-side scripting of HTML. It is used to build AJAX applications and other dynamic content easily. The popular JavaScript library is used by 30 percent of websites, including 70 percent of the top 10,000 most visited websites. James Pleger , Director of Research at Risk management software company RiskIQ , reported yesterday that the attack against jQuery.com web servers launched for a short period of time on the afternoon of September 18th. So, the users who visited the website on September 18th may have infected their system with data-stealing malware by redirecting users to the website hosting RIG. Pleger urged those who visited the site durin