AresLoader malware and AiDLocker ransomware developer DeadXInject introduced earlier last month the new sophisticated ManticoraLoader malware-as-a-service, which could target Windows 7, Windows Server 7, and more recent versions, according to The Cyber Express.
Aside from facilitating the comprehensive gathering and exfiltration of device information — including usernames, IP addresses, antivirus software, universally unique identifiers, system language, and date-time stamps — ManticoraLoader, which could be rented for $500 a month, also features extensive obfuscation capabilities enabling evasion of the 360 Total Security sandboxing tool, a report from Cyble Research and Intelligence Labs showed.
Robust persistence has also been integrated into ManticoraLoader, which could facilitate file placement in auto-start locations to ensure continuous compromise, said researchers, who also noted the possibility of additional capabilities in the MaaS due to its modular nature. The new MaaS has emerged amid continued widespread activity of the AresLoader malware, indicating DeadXInject's move to bolster its attack arsenal.