Security News > 2022 > September > Dev backdoors own malware to steal data from other hackers
Cybercriminals using Prynt Stealer to collect data from victims are being swindled by the malware developer, who also receives a copy of the info over Telegram messaging service.
Prynt Stealer can steal cryptocurrency wallet information, sensitive info stored in web browsers, VPN account data, cloud gaming account details.
Zscaler's researchers also note that Prynt Stealer is very similar to the malware families WorldWind and DarkEye, suggesting that the same author is behind them.
Prynt Stealer's builder is meant to help unskilled cybercriminals configure the malware for deployment, setting all parameters and letting the automated tool do the work.
Zscaler's analysts acquired a leaked copy of the builder and found that during execution, a loader fetches 'DarkEye Stealer' from Discord and configures it to exfiltrate data to the author.
The malware author configures the builder to drop and execute LodaRAT, an old yet powerful trojan, that enables remote actors to take control of the infected system, steal information, fetch additional payloads, etc.
News URL
Related news
- New FireScam Android malware poses as RuStore app to steal data (source)
- FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)