More than 2,000 logs have been noted by the cybercrime market Russian Market to have been stolen using the new RisePro information stealer, indicating its rising popularity among threat actors, SecurityWeek reports. Flashpoint researchers discovered that RisePro may have been built upon the Vidar stealer. Machines compromised by the C++-based RisePro may have potentially sensitive data harvested prior to the information stealer's attempts to exfiltrate the data as logs. RisePro has been believed to be a Vidar clone due to its use of the same dynamic link library dependencies but the new stealer was also found to have other features shared with other information stealers. The report also showed that the PrivateLoader pay-per-install malware downloader service has been distributing RisePro during the past year. Botnet operators have been leveraging pay-per-install services as a means to facilitate malicious payload distribution, with researchers noting that such services are being promoted on Telegram and cybercrime forums.