Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

New ‘RisePro’ Infostealer Increasingly Popular Among Cybercriminals

A recently identified information stealer named ‘RisePro’ is being distributed by pay-per-install malware downloader service ‘PrivateLoader’, cyberthreat firm Flashpoint reports.

Written in C++, RisePro harvests potentially sensitive information from the compromised machines and then attempts to exfiltrate it as logs.

A recently identified information stealer named ‘RisePro’ is being distributed by pay-per-install malware downloader service ‘PrivateLoader’, cyberthreat firm Flashpoint reports.

Written in C++, RisePro harvests potentially sensitive information from the compromised machines and then attempts to exfiltrate it as logs.

RisePro was initially spotted on December 13, featured on a cybercrime marketplace called Russian Market, where cybercriminals upload and sell logs exfiltrated using stealers.

According to Flashpoint, the malware appears to be based on Vidar stealer, which has been analyzed several times in the past.

A fork of the Arkei stealer itself, Vidar is known for downloading a series of dependencies and configuration settings from its command-and-control (C&C) server. The infostealer was cracked in 2018 and several clones were seen in the past, including the ‘Oski’ and ‘Mars’ stealers.

RisePro too was seen using dropped dynamic link library (DLL) dependencies that Vidar uses, and the malware’s analysis suggests that it is very likely a clone of Vidar. However, RisePro also shows similarities with other information stealers out there.

Russian Market, Flashpoint says, lists more than 2,000 logs supposedly exfiltrated using RisePro, which may indicate that the information stealer is gaining popularity among cybercriminals.

The cybersecurity firm also notes that RisePro appears to have been distributed by PrivateLoader for the past year.

Pay-per-install services allow threat actors to buy the ability to have their malicious payloads downloaded onto infected systems, and Flashpoint says it has observed advertisements for this type of services on cybercriminal forums and on Telegram, which is typically used by threat actors to provide customer support.

Related: Multi-Purpose Botnet and Infostealer ‘Aurora’ Rising to Fame

Related: New Infostealer Malware ‘Erbium’ Offered as MaaS for Thousands of Dollars

Related: New Ducktail Infostealer Targets Facebook Business Accounts via LinkedIn

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.