Info-stealing malware Prynt Stealer has been found to carry a backdoor: besides sending stolen data to the Telegram chat configured by whoever builds or buys it, the stealer forwards a copy to a private Telegram channel controlled by the malware's author, The Hacker News reports.
Zscaler ThreatLabz researchers found that Prynt Stealer's codebase is built on the open source malware families StormKitty and AsyncRAT, with the hardcoded Telegram backdoor layered on top to collect what the stealer's own customers exfiltrate. The developers have also added an anti-analysis feature to Prynt Stealer.
The report also covers the WorldWind and DarkEye variants of Prynt Stealer. DarkEye is bundled with a "free" Prynt Stealer builder, and its execution can in turn lead to the deployment of Loda RAT.
"The free availability of source code for numerous malware families has made development easier than ever for less sophisticated threat actors... The Prynt Stealer author went a step further and added a backdoor to steal from their customers by hardcoding a Telegram token and chat ID into the malware. As the saying goes, there is no honor among thieves," said researchers.
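The detail that matters for defenders in the quote above is that the backdoor is nothing more than a second, hardcoded Telegram bot token and chat ID. The following is an added example, not Zscaler's code or anything taken from the malware: a small triage script that scans a strings dump of a sample for Telegram Bot API endpoints, bot tokens and chat IDs, and flags a build that carries more than one distinct token, which is exactly the "two exfiltration channels" pattern the researchers describe. The token format (`<numeric id>:<35 characters of [A-Za-z0-9_-]>`) is an assumption about how public Telegram bot tokens look, the "two tokens means two channels" rule is a heuristic, and the strings-dump excerpt is constructed with fabricated, inert tokens. If a build encrypts its strings, run this over a decrypted string table or a memory dump rather than the raw binary.

```python
import re
from typing import Dict, Iterable, List, Union

# Assumed public Telegram bot token format: "<numeric bot id>:<35 chars of [A-Za-z0-9_-]>".
# The lookarounds stop a match from starting in the middle of a number or ending
# in the middle of a token (a token inside ".../bot<token>/..." must still match).
TOKEN_RE = re.compile(r"(?<!\d)(\d{8,10}:[A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])")
# Bot API endpoint shape: https://api.telegram.org/bot<token>/<method>
API_RE = re.compile(r"https://api\.telegram\.org/bot(\d{8,10}:[A-Za-z0-9_-]{35})/([A-Za-z]+)")
# chat_id is a positive user id or a negative group/channel id, normally a query parameter.
CHAT_ID_RE = re.compile(r"chat_id=(-?\d{5,})")


def find_telegram_iocs(strings: Iterable[str]) -> Dict[str, Union[List[str], bool]]:
    """Collect Telegram bot tokens, API methods and chat IDs from a strings dump."""
    tokens, methods, chat_ids = set(), set(), set()
    for s in strings:
        for m in API_RE.finditer(s):
            methods.add(m.group(2))
        for m in TOKEN_RE.finditer(s):
            tokens.add(m.group(1))
        for m in CHAT_ID_RE.finditer(s):
            chat_ids.add(m.group(1))
    return {
        "tokens": sorted(tokens),
        "methods": sorted(methods),
        "chat_ids": sorted(chat_ids),
        # Heuristic (assumption, not from the report): one stealer build that carries two
        # distinct bot tokens is reporting to two places, which is the hidden-second-channel
        # pattern described for Prynt Stealer.
        "multiple_channels": len(tokens) > 1,
    }


# Constructed strings-dump excerpt. Both tokens and both chat IDs are fabricated and inert;
# the second token stands in for the author's hardcoded backdoor channel.
OPERATOR_TOKEN = "1234567890:AAH0123456789abcdefghijklmnopqrstuv"
BACKDOOR_TOKEN = "9876543210:AAG_zyxwvutsrqponmlkjihgfedcba987-5"
SAMPLE_STRINGS = [
    "System.Net.WebClient",
    "https://api.telegram.org/bot" + OPERATOR_TOKEN + "/sendDocument?chat_id=111222333",
    "logs.zip",
    "https://api.telegram.org/bot" + BACKDOOR_TOKEN + "/sendDocument?chat_id=-1001234567890",
    "AppData\\Local\\Google\\Chrome\\User Data",
]

if __name__ == "__main__":
    result = find_telegram_iocs(SAMPLE_STRINGS)
    for key, value in result.items():
        print(f"{key}: {value}")
    if result["multiple_channels"]:
        print("WARNING: more than one Telegram bot token in this build; check for a second exfil channel")
```

Each token found is itself actionable: the Bot API `getMe` method on a live token reveals the bot's name, and the chat IDs give the destinations, which is how an analyst can tell the operator's channel from the author's.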
Ukrainian hacktivist operation IT Army has taken responsibility for a significant distributed denial-of-service attack against Russian local airline booking system Leonardo, which is used by over 50 Russian carriers, according to The Record, a news site by cybersecurity firm Recorded Future.
New attacks with the updated SysUpdate toolkit have been deployed by Chinese advanced persistent threat operation Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix, against an Asian government and a Middle East-based telecommunications provider, reports The Hacker News.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.