
RisePro info-stealer distributed through PrivateLoader PPI service

New information-stealing malware RisePro is being distributed through the PrivateLoader pay-per-install (PPI) malware downloader service, The Hacker News reports. SEKOIA researchers found partial source-code overlaps between RisePro and PrivateLoader: both use the same HTTP message obfuscation approach, the same string scrambling mechanism, and the same HTTP method and port setup. Beyond stealing data from up to 36 web browsers, RisePro lets operators use a stealer-generated bot ID to interact with compromised systems and to retrieve stolen data logs through an administration panel. PrivateLoader has previously been used to distribute numerous malware families, including Vidar Stealer, which was found to resemble RisePro. Whether a single set of threat actors is behind both RisePro and PrivateLoader remains uncertain. "PrivateLoader is still active and comes with a set of new capabilities. Similarities between the stealer and PrivateLoader cannot be ignored and provide additional insight into the threat actor expansion," said SEKOIA.
