PrivateLoader leveraged to spread various malware

Numerous malware strains, including Smokeloader, Vidar, and Redline, have been executed using the PrivateLoader pay-per-install loader since last May, ZDNet reports.

Threat actors could leverage Smokeloader, which is the most prevalent malware executed by the PPI loader, to steal data and perform reconnaissance, while the Vidar spyware could be used to exfiltrate documents, passwords, and digital wallet information, according to Intel 471.

Researchers discovered the use of PrivateLoader bots for Kronos banking trojan and Dridex botnet distribution. Moreover, another loader named Discoloader was leveraged for Conti ransomware deployment.

"PPI services have been a pillar of cybercrime for decades. Just like the wider population, criminals are going to flock to software that provides them a wide array of options to easily achieve their goals… By highlighting the versatility of this malware, we hope to give defenders the chance to develop unique strategies in thwarting malware attacks empowered by PrivateLoader," said researchers.