There is another very good reason not to download pirated software

You might save a few bucks by downloading pirated software, but you could end up losing a lot more in the process: researchers have discovered a cryptocurrency-targeting information stealer lurking among the cracks.

Two independent cybersecurity companies, Flashpoint and Sekoia, have discovered a new information-stealing malware called "RisePro".

RisePro is distributed via websites hosting pirated software, cracks, loaders, and similar illegal content, and infects endpoints via the pay-per-install (PPI) malware distribution service PrivateLoader.

Stealing cryptocurrency account details

According to the researchers, RisePro has many similarities with PrivateLoader, which led them to conclude that the malware distribution platform now has its own information stealer. Furthermore, they found that it was most likely based on Vidar, since it uses the same system of built-in DLL dependencies.

RisePro collects data from a long list of browsers, browser extensions, and cryptocurrency wallets, including Google Chrome, Firefox (and 30 other browsers), Authenticator, MetaMask, and Coinbase (and 26 other browser extensions). It also steals data from Discord, Battle.net, and Authy Desktop, and can scan file system folders for valuable data such as credit card information.

According to Flashpoint, criminals have already started selling RisePro logs containing sensitive and personally identifiable data on Russian dark web marketplaces. Threat actors interested in buying the logs or the tool itself can do so via Telegram, by interacting with the threat actor's Telegram bot.

Researchers describe PrivateLoader as a pay-per-install malware distribution service, often masquerading as crack or keygen software. Until now, PrivateLoader only distributed RedLine Stealer or Raccoon, both very popular information stealers in the cybercriminal community.

The best way to protect yourself against such threats is to refrain from downloading illegal content to begin with and only download software from legitimate and verified sources. A powerful antivirus solution is also recommended.

Via: BleepingComputer