New information-stealing malware RisePro is being distributed using the PrivateLoader pay-per-install malware downloader service, The Hacker News reports.
SEKOIA researchers discovered partial overlaps in source code between RisePro and PrivateLoader, with both sharing the same HTTP message obfuscation approach, string scrambling mechanism, and HTTP method and port setup. Aside from featuring capabilities enabling the theft of data from up to 36 web browsers, RisePro also allows threat actors to use a stealer-created bot ID to interact with compromised systems and access stolen data logs through an administration panel. Meanwhile, PrivateLoader has been leveraged to distribute numerous malware families, including the Vidar Stealer, which was found to be similar to RisePro. However, whether a single set of threat actors is behind both RisePro and PrivateLoader remains uncertain. "PrivateLoader is still active and comes with a set of new capabilities. Similarities between the stealer and PrivateLoader cannot be ignored and provide additional insight into the threat actor expansion," said SEKOIA.
The surge comes after malicious actors impersonated well-known brands, such as Adobe Reader and Microsoft Teams, to deliver numerous malware strains, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer and Vidar.
At least 1,200 Redis database servers worldwide have been compromised by a sophisticated piece of malware since September 2021, while more than 2,800 uninfected servers remain at high risk of exploitation.