
The Cyber Security News


PureCrypter Malware Targets Government Entities in Asia-Pacific and North America

February 27, 2023

Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware.

“The PureCrypter campaign takes advantage of the domain of a compromised non-earnings business as a command-and-control (C2) to supply a secondary payload,” Menlo Security researcher Abhay Yadav reported.

The different types of malware propagated using PureCrypter include RedLine Stealer, Agent Tesla, Eternity, Blackmoon (aka KRBanker), and Philadelphia ransomware.


First documented in June 2022, PureCrypter is advertised for sale by its author for $59 for one-month access (or $245 for a one-off lifetime purchase) and is capable of distributing a multitude of malware.


In December 2022, PureCoder, the developer behind the program, expanded the slate of offerings to include a logger and information stealer known as PureLogs, which is designed to siphon data from web browsers, crypto wallets, and email clients. It costs $99 a year (or $199 for lifetime access).

The infection sequence detailed by Menlo Security commences with a phishing email containing a Discord URL that points to the first-stage component, a password-protected ZIP archive that, in turn, loads the PureCrypter malware.

The loader, for its part, reaches out to the website of the breached non-profit entity to fetch the secondary payload, which is a .NET-based keylogger named Agent Tesla.

The backdoor then establishes a connection to an FTP server located in Pakistan to exfiltrate the harvested data, indicating that compromised credentials may have been used to perform the activity.
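A defender can hunt for the chain described above by correlating, per endpoint, a Discord-hosted archive download with a later outbound FTP session. The following is an added example, not code from Menlo Security's report or the original article; the event format, field names, Discord attachment hostnames, archive extensions and 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Assumption: Discord attachment hosts; the article only says "a Discord URL".
DISCORD_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
ARCHIVE_EXTS = (".zip", ".rar", ".7z", ".iso")  # assumed archive types
WINDOW = timedelta(hours=24)                    # assumed correlation window
FTP_PORTS = {21}

# Constructed sample events (hypothetical proxy/flow log, not real telemetry).
EVENTS = [
    {"ts": "2023-02-20T09:01:00", "host": "ws-014", "type": "http",
     "url": "https://cdn.discordapp.com/attachments/1/2/invoice.zip"},
    {"ts": "2023-02-20T09:07:30", "host": "ws-014", "type": "conn",
     "dst_ip": "203.0.113.50", "dst_port": 21},
    {"ts": "2023-02-20T10:00:00", "host": "ws-022", "type": "http",
     "url": "https://cdn.discordapp.com/attachments/3/4/meme.png"},
    {"ts": "2023-02-20T10:05:00", "host": "ws-022", "type": "conn",
     "dst_ip": "203.0.113.50", "dst_port": 21},
    {"ts": "2023-02-20T11:00:00", "host": "ws-031", "type": "http",
     "url": "https://cdn.discordapp.com/attachments/5/6/docs.zip"},
    {"ts": "2023-02-22T11:00:00", "host": "ws-031", "type": "conn",
     "dst_ip": "203.0.113.50", "dst_port": 21},
]

def is_discord_archive(url):
    """True only for an archive path on an exact Discord attachment host."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    return host in DISCORD_HOSTS and p.path.lower().endswith(ARCHIVE_EXTS)

def correlate(events):
    """Return (host, download_url, ftp_dst) for each FTP connection that
    follows a Discord-hosted archive download on the same host within WINDOW."""
    last_download = {}  # host -> (timestamp, url) of most recent archive download
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "http" and is_discord_archive(ev["url"]):
            last_download[ev["host"]] = (ts, ev["url"])
        elif ev["type"] == "conn" and ev["dst_port"] in FTP_PORTS:
            seen = last_download.get(ev["host"])
            if seen and ts - seen[0] <= WINDOW:
                alerts.append((ev["host"], seen[1], ev["dst_ip"]))
    return alerts

if __name__ == "__main__":
    for host, url, dst in correlate(EVENTS):
        print(f"{host}: FTP to {dst} after download of {url}")
```

Only `ws-014` is flagged: `ws-022` downloaded an image rather than an archive, and the FTP session on `ws-031` falls outside the window.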



Some parts of this report are sourced from:
thehackernews.com
