Security News > 2022 > December > New info-stealer malware infects software pirates via fake cracks sites
A new information-stealing malware named 'RisePro' is being distributed through fake cracks sites operated by the PrivateLoader pay-per-install malware distribution service.
The malware was spotted by analysts at Flashpoint and Sekoia this week, with both cybersecurity firms confirming that RisePro is a previously undocumented information stealer now being distributed via fake software cracks and key generators.
RisePro is a C++ malware that, according to Flashpoint, might be based on the Vidar password-stealing malware, as it uses the same system of embedded DLL dependencies.
Sekoia further explains that some samples of RisePro embed the DLLs, while in others, the malware fetches them from the C2 server via POST requests.
PrivateLoader is a pay-per-install malware distribution service disguised as software cracks, key generators, and game modifications.
Threat actors provide the malware sample they wish to distribute, targeting criteria, and payment to the PrivateLoader team, who then uses their network of fake and hacked websites to distribute malware.