Select Page

Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that’s being purchased by cyber criminals to deliver remote access trojans (RATs) and information stealers.

“The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption, and obfuscation to evade antivirus software products,” Zscaler’s Romain Dumont said in a new report.

Some of the malware families distributed using PureCrypter include Agent TeslaArkeiAsyncRATAZORultDarkCrystal RAT (DCRat), LokiBotNanoCoreRedLine StealerRemcosSnake Keylogger, and Warzone RAT.

PureCrypter Malware Loader

images from Hacker News