You might save a few dollars by downloading pirated software, but you could lose a lot more: researchers have discovered a cryptocurrency-targeting information stealer lurking among the cracks.
Two separate cybersecurity companies – Flashpoint and Sekoia – have discovered a brand-new piece of malware called “RisePro” that is designed to steal information.
RisePro is distributed via websites hosting pirated software, cracks, loaders and similar illegal content, and infects endpoints via the PrivateLoader pay-per-install (PPI) malware distribution service.
Theft of cryptocurrency account details
According to the researchers, RisePro shares many similarities with PrivateLoader, which led them to conclude that the malware distribution platform now has its own information-stealing module. They also found that it was most likely built on Vidar, since it uses the same system of embedded DLL dependencies.
RisePro looks for data from an extensive list of browsers, browser extensions, and cryptocurrency wallets, including Google Chrome, Firefox (and 30 other browsers), Authenticator, MetaMask, and Coinbase (and 26 other browser extensions). In addition, it steals data from Discord, Battle.net and Authy Desktop, and can scan file system folders for valuable data such as credit card information.
According to Flashpoint, criminals have already started selling RisePro logs containing sensitive personal information on Russian dark web markets. Attackers interested in buying the logs or the tool itself can do so via Telegram by interacting with a Telegram bot.
Researchers describe PrivateLoader as a pay-per-install malware distribution service whose payloads are often disguised as software cracks or key generators. Until now, PrivateLoader has only distributed RedLine Stealer or Raccoon, which are very popular information-stealing tools in the cybercriminal community.
The best way to protect yourself from such threats is to refrain from downloading illegal content and only download software from legal, verified sources. A strong antivirus solution is also recommended.
Via: BleepingComputer