Researchers from Proofpoint last week revealed a new exploit builder kit that has been used by the sophisticated Cobalt Gang cyber-criminal group.
A malvertising campaign uses decoy websites pushing cryptocurrencies and then redirects users to the RIG exploit kit, Malwarebytes Labs said.
The Rig exploit kit, once used almost exclusively to deliver ransomware, is now not only no longer delivering that malware but has experienced a 96 percent reduction in overall usage.
Matrix ransomware is now being distributed via the RIG exploit kit on various sites displaying malvertising.
The techniques exploit kit authors use to hide their activities are frequently changing, and security researchers work hard to analyse and block these new threats.
MWI8 framework builds malicious Word documents and was recently advertised on the dark web as incorporating specific, recently discovered Flash vulnerabilities.
Trustwave researchers have looked at the new version of Sundown exploit kit, finding it to be riddled with other people's exploits
The cyber gang behind the ongoing WordPress malvertising campaign is now targeting Joomla sites.