This malware strikes at the heart of software pirates.
You may save a few dollars by downloading pirated software, but you may also lose a lot more, as researchers have discovered a cryptocurrency-targeting info stealer lurking among the cracks.
Two separate cybersecurity firms, Flashpoint and Sekoia, discovered “RisePro,” a brand-new information-stealing malware.
RisePro reaches endpoints through the PrivateLoader pay-per-install (PPI) malware distribution service, which in turn is spread through websites hosting pirated software, cracks, loaders, and similar illegal content.
Stealing cryptocurrency account information
According to the researchers, RisePro closely resembles PrivateLoader, leading them to believe that the distribution platform now has an info stealer of its own. They also found that it was most likely built on Vidar, as it uses the same scheme of embedded DLL dependencies.
RisePro harvests data from a wide range of browsers, browser extensions, and cryptocurrency wallets: Google Chrome and Firefox plus 30 other browsers, and Authenticator, MetaMask, and Coinbase plus 26 other browser extensions. It also steals data from Discord, Battle.net, and Authy Desktop, and can scan filesystem folders for valuable data, such as credit card information.
According to Flashpoint, criminals have already begun selling sensitive personally identifiable data harvested by RisePro (its "logs") on Russian-language dark web markets. Anyone wanting to buy the logs, or the stealer itself, deals with its operators through a Telegram bot.
Researchers describe PrivateLoader as a pay-per-install malware distribution service that frequently masquerades as a software crack or key generator. Until now, PrivateLoader was known for distributing RedLine Stealer or Raccoon, both widely used in the cybercrime community.
The best way to avoid such threats is not to download illegal content in the first place, to obtain software only from legitimate, verified sources, and to check what you download before running it: a publisher's code signature or a checksum published by the vendor is the practical test. Running a reputable antivirus or endpoint protection product is also recommended, but it is a backstop, not a substitute for those checks.
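The checksum check described above, as an added example that is not code from the article or from the researchers it cites. It assumes the vendor publishes a manifest in the common "SHA256SUMS" layout (one "hex digest, two spaces, filename" entry per line); the manifest, the file names and the file contents in the block are constructed for the demo, and `verify_download`, `parse_sha256sums` and `sha256_file` are names chosen here.

```python
"""Verify a downloaded installer against a vendor-published SHA-256 manifest.

Added example (not code from the original article or the cited researchers).
Assumes a SHA256SUMS-style manifest: "<64 hex chars>  <filename>" per line.
SAMPLE_MANIFEST and the files written by demo() are constructed for the demo.
"""
import hashlib
import hmac
import os
import tempfile


def parse_sha256sums(text: str) -> dict:
    """Return {filename: lowercase hex digest} from SHA256SUMS-style text.

    Blank lines and '#' comments are skipped; a malformed entry raises
    rather than being silently ignored, so a truncated manifest cannot
    pass as an empty one.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")  # GNU coreutils marks binary mode with '*'
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest) or not name:
            raise ValueError(f"malformed manifest line: {raw!r}")
        entries[name] = digest
    return entries


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so a large installer need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, manifest_text: str) -> bool:
    """True only if the file's basename is listed and its digest matches.

    An unlisted file is a failure, not a pass: the manifest says nothing
    about it. hmac.compare_digest keeps the comparison constant-time.
    """
    expected = parse_sha256sums(manifest_text).get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(sha256_file(path), expected)


# Constructed manifest: the digest is the well-known SHA-256 of the bytes b"abc".
SAMPLE_MANIFEST = """\
# constructed manifest for the example
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  setup.exe
"""


def demo() -> dict:
    """Write a genuine, a tampered and an unlisted file to a temp dir and verify each."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "setup.exe")
        with open(good, "wb") as f:
            f.write(b"abc")
        results["genuine"] = verify_download(good, SAMPLE_MANIFEST)

        with open(good, "wb") as f:
            f.write(b"abd")  # one byte changed, as a trojanised installer would be
        results["tampered"] = verify_download(good, SAMPLE_MANIFEST)

        unlisted = os.path.join(d, "crack.exe")
        with open(unlisted, "wb") as f:
            f.write(b"abc")  # correct bytes, but the manifest never vouched for this name
        results["unlisted"] = verify_download(unlisted, SAMPLE_MANIFEST)
    return results


if __name__ == "__main__":
    print(demo())
```

A checksum served from the same page as the download only catches corruption or a tampered mirror; if the site itself is hostile it will simply publish a hash for the trojanised file. A signature from the publisher (an Authenticode signature on Windows, or a detached PGP signature checked against a key obtained elsewhere) is the stronger test, and the checksum is what you use when no signature is offered.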