    New infostealer infects devices via fake PrivateLoader websites


    The new RisePro infostealer is spreading through fake sites operated by the pay-per-install (PPI) service PrivateLoader. RisePro steals victims' credit cards, passwords and crypto wallets.

    The malware was discovered by analysts at Flashpoint and Sekoia, with both companies confirming that RisePro is a previously undocumented information-stealing tool now spread through fake software cracks and key generators.

    Flashpoint reports that attackers have already begun selling thousands of RisePro logs on Russian darknet markets. RisePro is currently available for purchase via Telegram, where users can also interact with the developer and infected hosts.

    RisePro is a C++-based malware that, according to Flashpoint, could be based on the Vidar password-stealing malware because it uses the same system of embedded DLL dependencies.

    According to Sekoia, some RisePro samples embed the DLLs, while others retrieve them from the C&C server using POST requests.

    The infostealer first scans the compromised system, carefully examining registry keys, then writes the stolen data to a text file, takes a screenshot, packs everything into a ZIP archive, and sends the file to the attacker's server.
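
    One way a defender could hunt for the collection sequence described above, as an added example (not code from the original article, Flashpoint or Sekoia). The event schema, action labels, process names and addresses are constructed assumptions, and the upload stage is modelled generically because the article does not say how the archive is sent.

```python
# Stages in the article's order; actions/fields are a hypothetical EDR schema (assumption).
STAGES = [
    ("reg_query", lambda t: True),                            # examines registry keys
    ("file_write", lambda t: t.lower().endswith(".txt")),     # stolen data -> text file
    ("screen_capture", lambda t: True),                       # takes a screenshot
    ("archive_create", lambda t: t.lower().endswith(".zip")), # packs a ZIP archive
    ("net_send", lambda t: True),                             # sends it to a remote server
]

def find_staging_chains(events, window=120):
    """Return sorted (pid, image) pairs that ran every stage, in order, within `window` seconds."""
    by_pid = {}
    for ev in events:
        by_pid.setdefault(ev["pid"], []).append(ev)
    hits = []
    for pid, evs in by_pid.items():
        idx, start = 0, None
        for ev in sorted(evs, key=lambda e: e["ts"]):
            if idx and ev["ts"] - start > window:
                idx, start = 0, None  # chain went stale: start matching again
            action, target_ok = STAGES[idx]
            if ev["action"] == action and target_ok(ev["target"]):
                start = ev["ts"] if idx == 0 else start
                idx += 1
                if idx == len(STAGES):
                    hits.append((pid, ev["image"]))
                    break
    return sorted(hits)

def _ev(ts, pid, image, action, target):
    return {"ts": ts, "pid": pid, "image": image, "action": action, "target": target}

# Constructed sample telemetry (not taken from the article or a real incident).
SAMPLE = [
    _ev(10, 4120, "keygen.exe", "reg_query", r"HKCU\Software\ExampleApp"),
    _ev(12, 4120, "keygen.exe", "file_write", r"C:\Temp\info.txt"),
    _ev(13, 4120, "keygen.exe", "screen_capture", "desktop"),
    _ev(15, 4120, "keygen.exe", "archive_create", r"C:\Temp\info.zip"),
    _ev(16, 4120, "keygen.exe", "net_send", "203.0.113.10:80"),
    _ev(20, 988, "backup.exe", "reg_query", r"HKLM\Software\ExampleBackup"),
    _ev(25, 988, "backup.exe", "archive_create", r"D:\backup.zip"),
    _ev(30, 988, "backup.exe", "net_send", "198.51.100.7:443"),
    _ev(0, 77, "slow.exe", "reg_query", r"HKCU\Software\ExampleApp"),
    _ev(50, 77, "slow.exe", "file_write", r"C:\Temp\a.txt"),
    _ev(400, 77, "slow.exe", "screen_capture", "desktop"),
    _ev(410, 77, "slow.exe", "archive_create", r"C:\Temp\a.zip"),
    _ev(420, 77, "slow.exe", "net_send", "203.0.113.10:80"),
]
print(find_staging_chains(SAMPLE))  # [(4120, 'keygen.exe')]
```

    The benign-looking `backup.exe` process archives and uploads but never completes the full sequence, and `slow.exe` only matches when the time window is widened, which shows the trade-off between window size and false positives.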

    RisePro tries to steal a wide range of data from various applications, browsers, crypto wallets and browser extensions: credentials, cryptocurrency, personal data, etc. RisePro can also scan file system folders for sensitive data such as credit card receipts.

    Additionally, Sekoia found significant code similarities between PrivateLoader and RisePro, indicating that PrivateLoader may now be distributing its own infostealer, either for itself or as a service to cybercriminals. Similarities between RisePro and PrivateLoader include string obfuscation techniques, HTTP message obfuscation, and HTTP and port configuration. Experts suggest that RisePro and PrivateLoader were developed by the same people. However, based on the evidence collected, Sekoia has not been able to establish an exact connection between the two projects.

    PrivateLoader is a pay-per-install malware distribution service disguised as software cracks, key generators, and game modifications. PrivateLoader functions as a C++-based loader to download and deploy additional malicious payloads on infected Windows hosts. It is mainly distributed through SEO-optimized websites that offer cracked software.

    Author: DeepWeb