Security News > 2022 > September > Dev backdoors own malware to steal data from other hackers
Cybercriminals using Prynt Stealer to collect data from victims are being swindled by the malware developer, who also receives a copy of the info over Telegram messaging service.
Prynt Stealer can steal cryptocurrency wallet information, sensitive info stored in web browsers, VPN account data, cloud gaming account details.
Zscaler's researchers also note that Prynt Stealer is very similar to the malware families WorldWind and DarkEye, suggesting that the same author is behind them.
Prynt Stealer's builder is meant to help unskilled cybercriminals configure the malware for deployment, setting all parameters and letting the automated tool do the work.
Zscaler's analysts acquired a leaked copy of the builder and found that during execution, a loader fetches 'DarkEye Stealer' from Discord and configures it to exfiltrate data to the author.
The malware author configures the builder to drop and execute LodaRAT, an old yet powerful trojan, that enables remote actors to take control of the infected system, steal information, fetch additional payloads, etc.
News URL
Related news
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)
- Hackers breach ISP to poison software updates with malware (source)
- North Korean hackers exploit VPN update flaw to install malware (source)
- Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (source)
- Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (source)
- Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC) (source)
- New Tickler malware used to backdoor US govt, defense orgs (source)
- New Tickler malware used to backdoor US govt, defense orgs (source)
- South Korean hackers exploited WPS Office zero-day to deploy malware (source)