In a nutshell: As another illustration of why downloading pirated software, games, movies, etc. can be risky, cybersecurity researchers have discovered a new information-stealing malware being distributed through fake websites hosting pirated and other illegal content.
According to Bleeping Computer, analysts at the cybersecurity companies Flashpoint and Sekoia found that the malware, called RisePro, is being distributed through fake software-cracking sites operated by the pay-per-install (PPI) malware distribution service PrivateLoader, which until now has almost exclusively distributed the RedLine Stealer or Raccoon infostealers.
After infecting the system, RisePro tracks down and steals confidential data from an extensive list of applications, including web browsers such as Google Chrome and Firefox, as well as browser extensions and cryptocurrency wallets, including Authenticator, MetaMask and Jaxx Liberty Extension.
RisePro can also extract data from Discord, battle.net and Authy Desktop, and can scan system folders for files such as receipts that contain credit card information.
The researchers say the code of RisePro and PrivateLoader has a lot in common, suggesting that the service now has its own infostealer, which it can use for its own benefit or offer as a paid service.
Because it relies on the same embedded DLL dependencies, RisePro is believed to be based on the Vidar password-stealing malware.
Cybercriminals who want to use RisePro can now purchase it on Telegram. Flashpoint notes that some hackers are already selling thousands of RisePro logs, which contain packets of data stolen from infected devices, on Russian darknet markets. Both the malware itself and the stolen logs can be purchased by interacting with the attackers' Telegram bot.
Pirated software and cracks have long been popular ways to spread malware because of their illegal nature. Last year, it was discovered that 3.2 million Windows-based computers had been infected with a Trojan spread through illegal Adobe Photoshop downloads, Windows cracking tools and pirated games, resulting in 1.2 TB of files, cookies and credentials being stolen between 2018 and 2020. The malware was even able to hijack a webcam and take pictures of users.