28 Dec, 2022

PrivateLoader Service Found Distributing RisePro Malware

The most recent activity picked up on the FlashPoint radar was on December 13, 2022. The collected information was published in several data sets on the illegal cybercrime market called 'Russian Market'.


What Can RisePro Malware Do?

The C++-based RisePro software bears similarities to Vidar, a password-stealing malware that emerged in 2018. The DLL directories of this malware identified by FlashPoint are listed in the table below.

[Image: RisePro malware]

RisePro isn't much different from other stealers: it can steal a wide variety of data from 36 web browsers, including cookies, passwords, credit cards, and crypto wallets, and, like other stealers, it can collect and upload files of interest.

PrivateLoader is a pay-per-install malware distribution service. Threat actors give the PrivateLoader team the malware sample they want distributed, along with the targeting criteria and payment, and the PrivateLoader team then uses networks of fake and hacked websites to distribute the malware.

Of the scenarios put forward, the most popular is that the team that developed RisePro is also the team behind PrivateLoader. Another theory is that RisePro is an evolution of PrivateLoader, or that legacy developers are currently trying to bring RisePro to the fore.

Based on the data collected, Sekoia still hasn’t figured out the exact link between these two projects.

Source:

https://thehackernews.com/2022/12/privateloader-ppi-service-found.html





