Numerous remote access trojans and information-stealing malware, including Agent Tesla, AsyncRAT, LokiBot, RedLine Stealer, DarkCrystal RAT, Arkei, NanoCore, Remcos, Warzone RAT, and Snake Keylogger, have been distributed through the PureCrypter malware loader, according to The Hacker News.
Developer PureCoder has been selling PureCrypter since March 2021, touting the malware loader as the only one in the market leveraging both online and offline delivery approaches, a Zscaler report showed.
"The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption, and obfuscation to evade antivirus software products," wrote researcher Romain Dumont.
Aside from providing a Microsoft Office macro builder and a downloader, PureCrypter also offers the capability to facilitate malware injections in native processes. Self-removal and infection status reporting functionality has also been discovered by researchers.
However, the report showed that the loader has been barred from being uploaded to VirusTotal, MetaDefender, Jotti, and other malware scanning databases.