More threat actors have been leveraging the AceCryptor malware to facilitate malware distribution, with more than 240,000 detections recorded from 2021 to 2022, The Hacker News reports.
Most AceCryptor detections have been noted in Peru, Egypt, Thailand, Indonesia, and Brazil, while SmokeLoader, RedLine Stealer, RanumBot, RaccoonStealer, and STOP malware were the leading payloads distributed through the crypter, an ESET report revealed.
Malware packed with AceCryptor has been deployed through trojanized installers of bootleg software, phishing emails, or other malware. The crypter features a three-layer architecture for payload delivery while evading debugging, virtual machines, and analysis techniques.
"Even though threat actors can create and maintain their own custom cryptors, for crimeware threat actors it often may be a time-consuming or technically difficult task to maintain their cryptor in a so-called FUD (fully undetectable) state. Demand for such protection has created multiple crypter-as-a-service (CaaS) options that pack malware," wrote ESET researcher Jakub Kaloc.
BleepingComputer reports that more than 12 million Android devices have collectively downloaded 18 malicious loan apps dubbed "SpyLoan," which could exfiltrate not only call logs, local Wi-Fi network information, and image metadata but also text messages, location information, and contact lists.