
Prynt Stealer Contains a Backdoor to Steal Victims’ Data Stolen by Other Cybercriminals

Prynt Stealer

Researchers discovered a private Telegram channel-based backdoor
in the information stealing malware, dubbed Prynt Stealer,
which its developer added with the intention of secretly stealing a
copy of victims’ exfiltrated data when used by other
cybercriminals.

“While this untrustworthy behavior is nothing new in the world of cybercrime, the victims’ data end up in the hands of multiple threat actors, increasing the risks of one or more large scale attacks to follow,” Zscaler ThreatLabz researchers Atinderpal Singh and Brett Stone-Gross said [1] in a new report.

Prynt Stealer, which came to light [2] earlier this April, comes with capabilities to log keystrokes, steal credentials from web browsers, and siphon data from Discord and Telegram. It’s sold for $100 for a one-month license and $900 for a lifetime subscription.


The cybersecurity firm’s analysis of Prynt Stealer shows that its codebase is derived from two other open source malware families, AsyncRAT [3] and StormKitty [4], with new additions incorporated to include a backdoor Telegram channel that forwards the information stolen by other actors to the malware’s author.

Prynt Stealer

The code responsible for Telegram data exfiltration is said to be copied from StormKitty, save for a few minor changes.

Also included is an anti-analysis feature that equips the
malware to continuously monitor the victim’s process list for
processes such as taskmgr, netstat, and wireshark, and if detected,
block the Telegram command-and-control communication channels.

While bad actors have employed similar data stealing tactics in
the past where the malware is given away for free, the development
marks one of the rare instances where a stealer that’s sold on a
subscription basis is also sending the plundered information back
to its developer.


“Note that there are cracked/leaked copies of Prynt Stealer with
the same backdoor, which in turn will benefit the malware author
even without direct compensation,” the researchers said.

Zscaler said it identified two more Prynt Stealer variants, dubbed WorldWind and DarkEye, written by the same author, the latter of which is bundled as an implant with a “free” Prynt Stealer builder.

The builder is also designed to drop and execute a remote access trojan called Loda RAT [5], an AutoIT-based malware that’s able to access and exfiltrate both system and user information, act as a keylogger, take screenshots, launch and terminate processes, and download additional malware payloads via a connection to a C2 server.

“The free availability of source code for numerous malware
families has made development easier than ever for less
sophisticated threat actors,” the researchers concluded.

“The Prynt Stealer author went a step further and added a
backdoor to steal from their customers by hardcoding a Telegram
token and chat ID into the malware. As the saying goes, there is no
honor among thieves.”
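The two artifacts the report describes, a hardcoded Telegram bot token and chat ID for the hidden recipient, and the process names the anti-analysis routine polls for, are both visible in a strings dump of a build. The triage script below is an added example, not code from the Zscaler report or from the malware: it scans a constructed strings sample for Telegram tokens and chat IDs and flags a sample that carries more than one destination, which is the tell-tale of a second, hidden recipient. The token shape (numeric bot ID, colon, 35-character secret) and every sample value are assumptions and placeholders.

```python
import re

# Telegram bot tokens have the shape "<numeric bot id>:<secret>"; the secret is
# typically 35 characters of [A-Za-z0-9_-] (assumed shape, widen if needed).
# Chat IDs are signed integers passed as the chat_id parameter.
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9_])(\d{8,10}:[A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])")
CHAT_ID_RE = re.compile(r"chat_id=(-?\d{5,15})")
# Process names the report says the stealer watches for before cutting its C2.
ANALYSIS_TOOLS = ("taskmgr", "netstat", "wireshark")

# Constructed sample: the kind of output `strings` gives on a stealer build.
# Every token and chat ID here is a made-up placeholder, not a real indicator.
SAMPLE_STRINGS = "\n".join([
    "https://api.telegram.org/bot",
    "1234567890:" + "A" * 35,   # operator's token (placeholder)
    "chat_id=111111111",
    "sendDocument",
    "9876543210:" + "B" * 35,   # second, hidden token (placeholder)
    "chat_id=-222222222",
    "taskmgr", "wireshark", "netstat",
])


def find_telegram_exfil(strings_blob: str) -> dict:
    """Triage a strings dump for embedded Telegram exfiltration config.

    Returns the distinct tokens and chat IDs found, plus two verdicts:
    'multiple_destinations' (more than one token or chat ID, i.e. a second
    recipient beyond the operator) and 'anti_analysis' (which of the polled
    process names appear in the dump).
    """
    lowered = strings_blob.lower()
    tokens = sorted(set(TOKEN_RE.findall(strings_blob)))
    chat_ids = sorted(set(CHAT_ID_RE.findall(strings_blob)))
    return {
        "telegram_api": "api.telegram.org/bot" in lowered,
        "tokens": tokens,
        "chat_ids": chat_ids,
        "multiple_destinations": len(tokens) > 1 or len(chat_ids) > 1,
        "anti_analysis": [p for p in ANALYSIS_TOOLS if p in lowered],
    }


if __name__ == "__main__":
    for key, value in find_telegram_exfil(SAMPLE_STRINGS).items():
        print(f"{key}: {value}")
```

A single token and chat ID is what any Telegram-based stealer carries; it is the second destination, combined with the Telegram API string, that warrants a closer look at where the data is going.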

References

  1. said (www.zscaler.com)
  2. came to light (thehackernews.com)
  3. AsyncRAT (github.com)
  4. StormKitty (github.com)
  5. Loda RAT (thehackernews.com)
