PureCrypter Malware Targets Government Entities in Asia-Pacific and North America
2023-02-27 10:22

Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware.

"The PureCrypter campaign uses the domain of a compromised non-profit organization as a command-and-control to deliver a secondary payload," Menlo Security researcher Abhay Yadav said.

The different types of malware propagated using PureCrypter include RedLine Stealer, Agent Tesla, Eternity, Blackmoon, and Philadelphia ransomware.

First documented in June 2022, PureCrypter is advertised for sale by its author for $59 for one-month access and is capable of distributing a multitude of malware.

The infection sequence detailed by Menlo Security commences with a phishing email containing a Discord URL that points to the first-stage component, a password-protected ZIP archive that, in turn, loads the PureCrypter malware.

The loader, for its part, reaches out to the website of the breached non-profit entity to fetch the secondary payload, which is a .NET-based keylogger named Agent Tesla.


News URL

https://thehackernews.com/2023/02/purecrypter-malware-targets-government.html