Zscaler experts report that hackers are again stealing from hackers, as it turned out that the creator of the malware, Prynt Stealer, equipped his creation with a backdoor. With the help of this “bookmark”, Prynt Stealer makes a copy of all the data stolen from the victim and leaks information not only to its operators, but also to the author of the malware.
우리도 그렇게 썼다는 것을 상기시켜 드리겠습니다. 특이한 YTSealer 유튜버를 표적으로 삼는 악성코드, 그리고 그것도 그만큼 ModernLoader RAT Trojan Is Used to Infect Systems with Stealers and Cryptominers.
처음으로, Prynt Stealer, based on the sources of AsyncRAT and the StormKitty infostealer, came to the attention of information security experts back in April 2022. Then the malware was studied by analysts from 사이블. They said that the malware has broad capabilities, comes with additional keylogger and clipper modules, and is advertised as a solution for compromising a wide variety of browsers, instant messengers, and gaming applications, and is also capable of carrying out direct financial attacks.
Prynt Stealer is a subscription service and the author is asking $100/month, $200/quarter, or $700/year, and also offers a lifetime license for $900.
Back in the spring, it was reported that data stolen by Prynt Stealer is usually compressed and transmitted to malware operators via a 전보 bot. 하지만, as researchers from Zscaler now write, Prynt Stealer contains a backdoor: the malware comes with an additional hard-coded token and Telegram ID, and the data stolen from the victims is also sent to the malware author.
DarkEye token,Telegram ID and the keylogger code
Zscaler analysts note that Prynt Stealer may be related to more than just AsyncRAT and StormKitty mentioned above. They also found a connection with the WorldWind and DarkEye malware families, and suggest that the same author may be behind these malware.
After examining a leaked copy of the Prynt Stealer builder, the researchers found that during execution, the loader extracts DarkEye Stealer from 불화 and configures it to transfer data to the malware author. 사실은, DarkEye is a variant of Prynt Stealer, and the difference between them is only in the enabled or disabled clipper and keylogger functions.
게다가, the author of Prynt Stealer configured the builder in such a way that it loads and executes LodaRAT. This is an old but powerful Trojan dating back to 2017 that allows a remote attacker to take full control of the infected system, steal information, inject additional payloads, 등등.
Scheme of infection
The researchers suggest that after this exposure, Prynt Stealer will lose the bulk of its customers. 하지만, it seems that the malware creator has two new products on the way, and at present it is almost not advertised on hacker forums.
코멘트를 남겨주세요