
PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware
2022-12-26 12:12

The pay-per-install malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro.

Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered "several sets of logs" exfiltrated using the malware on an illicit cybercrime marketplace called Russian Market.

A C++-based malware, RisePro is said to share similarities with another info-stealing malware referred to as Vidar stealer, itself a fork of a stealer codenamed Arkei that emerged in 2018.

"The appearance of the stealer as a payload for a pay-per-install service may indicate a threat actor's confidence in the stealer's abilities," the threat intelligence company noted in a write-up last week.

RisePro is no different from other stealers in that it's capable of stealing a wide range of data from as many as 36 web browsers, including cookies, passwords, credit cards, and crypto wallets, as well as gathering files of interest and loading more payloads.

It's currently not clear if RisePro is authored by the same set of threat actors behind PrivateLoader, and if it's exclusively bundled alongside the PPI service.


News URL

https://thehackernews.com/2022/12/privateloader-ppi-service-found.html