Dissecting the activities and capabilities of RIG Exploit Kit



The RIG exploit kit is, next to the prolific Fallout exploit kit, the most actively used exploit kit. RIG is unique among exploit kits in that it merges different web technologies such as VBScript, Flash and DoSWF to evade detection.


Activities


RIG was first spotted in 2014. Over the past years, the exploit kit has been observed installing various malware ranging from banking trojans to ransomware. However, since 2017 there has been a major shift in its activity, and it is now being used to deliver cryptominers as well.


According to previous records, the exploit kit has been heavily involved in delivering ransomware such as CryptoShield 1.0, Spora, Revenge, PyCL, Matrix, GandCrab and more. It was also used to deliver trojans such as Ramnit, Pony, AZORult, and Grobios.


Some notable campaigns, such as Afraidgate, EITest and pseudo-Darkleech, used RIG EK to distribute the Locky, CryptoMix, CryptoShield, Spora and Cerber ransomware in 2017.


Variants


In 2015, an updated version of the original RIG EK, labeled RIG 3.0, was discovered by researchers at Trustwave. At the time of discovery, RIG 3.0 had already infected 1.25 million people at an average rate of 27,000 machines per day. Besides delivering malware, the improved EK was used by hackers to spread malvertising and to exploit flaws in Flash, Java, and Microsoft Silverlight.


Two months ago, the RIG exploit kit’s future was in danger after an un ..
