Security News > 2022 > September > Dev backdoors own malware to steal data from other hackers
Cybercriminals using Prynt Stealer to collect data from victims are being swindled by the malware developer, who also receives a copy of the info over Telegram messaging service.
Prynt Stealer can steal cryptocurrency wallet information, sensitive info stored in web browsers, VPN account data, cloud gaming account details.
Zscaler's researchers also note that Prynt Stealer is very similar to the malware families WorldWind and DarkEye, suggesting that the same author is behind them.
Prynt Stealer's builder is meant to help unskilled cybercriminals configure the malware for deployment, setting all parameters and letting the automated tool do the work.
Zscaler's analysts acquired a leaked copy of the builder and found that during execution, a loader fetches 'DarkEye Stealer' from Discord and configures it to exfiltrate data to the author.
The malware author configures the builder to drop and execute LodaRAT, an old yet powerful trojan, that enables remote actors to take control of the infected system, steal information, fetch additional payloads, etc.
News URL
Related news
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)