Downloading unlicensed software can save you a few dollars, but you risk losing much more: researchers have found a cryptocurrency-targeting info stealer hiding inside the cracks.
"RisePro" is a brand-new piece of information-stealing malware that was independently discovered by two cybersecurity companies, Flashpoint and Sekoia.
RisePro is distributed through websites that also host cracked software, loaders, and other illegal content, and it reaches endpoints through PrivateLoader, a pay-per-install (PPI) malware distribution service.
Researchers found that RisePro and PrivateLoader are very similar, leading them to believe that the distribution platform now operates its own info stealer. They also determined that RisePro uses a system of embedded DLL dependencies very similar to Vidar's, suggesting that Vidar served as its likely foundation.
RisePro harvests data from a long list of browsers, browser extensions, and cryptocurrency wallets: Google Chrome, Firefox and 30 other browsers, plus Authenticator, MetaMask, Coinbase and 26 other browser extensions. It can also scan filesystem directories for valuable data, such as files containing credit card information, and steal data from Discord, Battle.net, and Authy Desktop.
Flashpoint reports that criminals have already begun selling RisePro logs containing sensitive, personally identifiable information on Russian dark web markets. Threat actors interested in purchasing the logs, or the tool itself, can do so through the sellers' Telegram bot.
According to the researchers, PrivateLoader is a pay-per-install malware distribution business that frequently masquerades as a software crack or keygen. Until now, PrivateLoader delivered only RedLine Stealer or Raccoon, two infostealers that are extremely popular in the cybercrime community.
The best defense against such risks is to avoid downloading pirated content in the first place and to obtain software only from reliable, trustworthy sources. Running a reputable antivirus product is also recommended.
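One concrete way to act on "obtain software only from trustworthy sources" is to verify a downloaded installer against the digest the vendor publishes on its own site, so that a repackaged "crack" or a swapped download stands out before it is run. The script below is an added example, not code from the article or from Flashpoint or Sekoia; the sha256sum-style checksum file format, the file names and the sample bytes are constructed for illustration.

```python
"""Verify a downloaded installer against a vendor-published SHA-256 digest.

Added example, not code from the article or from the researchers. The
checksum-file format ("<hex>  <filename>" lines, as produced by sha256sum)
and the sample data in self_check() are constructed for illustration.
"""
import hashlib
import hmac
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # 1 MiB reads keep memory flat for large installers


def sha256_file(path):
    """Stream a file through SHA-256 and return the lowercase hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_list(text):
    """Parse sha256sum-style output into {filename: hexdigest}.

    Accepts both "hex  name" and "hex *name" (binary-mode marker) forms,
    skips blank lines and '#' comments, and raises ValueError on malformed
    lines instead of silently ignoring them.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed checksum line {lineno}: {raw!r}")
        digest, name = parts
        int(digest, 16)  # ValueError if the digest is not hexadecimal
        entries[name.lstrip("*")] = digest.lower()
    return entries


def verify_download(path, checksums):
    """Return (ok, actual_digest).

    ok is False when the file is not listed at all (an unknown file is not
    a trusted file) or when its digest differs from the published one.
    """
    path = Path(path)
    actual = sha256_file(path)
    expected = checksums.get(path.name)
    if expected is None:
        return False, actual
    return hmac.compare_digest(actual, expected), actual


def self_check():
    """Constructed end-to-end run: a matching file, a tampered copy and an
    unlisted file. Returns (ok_good, ok_tampered, ok_unlisted)."""
    good = b"abc"  # SHA-256 of b"abc" is the well-known ba7816bf... digest
    listing = (
        "# constructed vendor checksum file\n"
        "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  setup.exe\n"
    )
    checksums = parse_checksum_list(listing)
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "setup.exe").write_bytes(good)
        (d / "tampered").mkdir()
        (d / "tampered" / "setup.exe").write_bytes(good + b"\x00")  # one extra byte
        (d / "other.exe").write_bytes(good)  # right bytes, but not a listed name
        ok_good, _ = verify_download(d / "setup.exe", checksums)
        ok_tampered, _ = verify_download(d / "tampered" / "setup.exe", checksums)
        ok_unlisted, _ = verify_download(d / "other.exe", checksums)
    return ok_good, ok_tampered, ok_unlisted


if __name__ == "__main__":
    print("good/tampered/unlisted:", self_check())
```

The check is only as strong as the channel the digest came from: compare against a hash taken from the vendor's own HTTPS page or signed release notes, never one shown next to the download link on a crack or warez site, since an attacker who repackages the installer can just as easily publish a matching digest beside it.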