Staff member
Angler, the world's most popular exploit kit, appears to have shut down, as cyber-criminals are moving their operations to other exploits kits such as Neutrino, RIG, and Sundown, according to a tip received by Softpedia from Jerome Segura of Malwarebytes.

If this is the first time you read about an exploit kit such as Angler, these are specialized Web-based applications that sit on a website and await visitors. Crooks use malvertising attacks, hidden redirections on hacked sites, or spam campaigns to send traffic to these Web pages.

Here, exploit kits (EKs) like Angler test the user's locally-installed software and detect vulnerable versions. They then deliver malicious code via JavaScript, Flash, or Silverlight that exploit these weaknesses in order to download and install malware in what's known as a drive-by download. Most users never notice anything, unless their have antivirus software installed on their computers.

Top malvertising actors have already switched to the Neutrino EK
Mr. Segura, whose company is an expert on malvertising campaigns and exploit kit usage, has been blogging lately about multiple cyber-crime operations that have startedswitching away from the Angler Exploit Kit (EK).

The same things were also reported by a security researcher named Kaffeine (Malware don't need Coffee blog) and Brad Duncan (Malware Traffic Analysis blog).

All three say that important actors in the malvertising scene are now migrating to other exploit kits, but mainly Neutrino.

"The changes we saw are profound," Segura told Softpedia. "Some actors only ever worked with Angler, esp. those top malvertising campaigns."

Read more: All Clues Point to the Death of the Angler Exploit Kit


Level 1
There is no locigical reason to them to stop now - to much easy many with basically no risk for them ( if using bitcoin and tor properly). Like @pablozi says we can be sure that they are at this time upgrading and "optimizing" process, since they (must) be thinking that they leave to mouch money on table .... we will see more sophisticated attacks i am afraid .... like combinating mischa+petya ... myebee even some semi manual attack that will first manual looking for our lan bckups with help of some rented cheap entry level hacker....


Level 61
Basically one main logic reason is go to the biggest or backup ones to improve more on the exploit kits.

Since the article stated to be possible presumption, the problem here is the game is not yet over. ;)

Exploit attacks = Money spend = Money revenue