The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro.
Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered, on an illicit cybercrime marketplace called Russian Market, “several sets of logs” exfiltrated using the malware.
A C++-based malware, RisePro is said to share similarities with another info-stealing malware referred to as Vidar stealer, itself a fork of a stealer codenamed Arkei that emerged in 2018.
“The appearance of the stealer as a payload for a pay-per-install service may indicate a threat actor’s confidence in the stealer’s abilities,” the threat intelligence company noted in a write-up last week.