Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services
2022-09-16 14:17

Cybersecurity researchers have exposed new connections between a widely used pay-per-install malware service known as PrivateLoader and another PPI service dubbed ruzki.

"The threat actor ruzki advertises their PPI service on underground Russian-speaking forums and their Telegram channels under the name ruzki or zhigalsz since at least May 2021," SEKOIA said.

The cybersecurity firm said its investigations into the twin services led it to conclude that PrivateLoader is the proprietary loader of the ruzki PPI malware service.

"Based on the wide selection of malware families, which implies a wide range of threat actors or intrusion sets operating this malware, the PPI service running PrivateLoader is very attractive and popular to attackers on underground markets," the researchers said.

An overlap between the PrivateLoader C2 servers and the URLs that ruzki provides to subscribers for monitoring installation statistics related to their campaigns.

References to ruzki in PrivateLoader botnet sample names that were used to deliver the Redline Stealer, such as ruzki9 and 3108 RUZKI, and.


News URL

https://thehackernews.com/2022/09/researchers-find-link-bw-privateloader.html