The Cyber Security News

Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware

June 14, 2022

Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans (RATs) and information stealers.

“The loader is a .NET executable obfuscated with SmartAssembly and can make use of compression, encryption, and obfuscation to evade antivirus software products,” Zscaler’s Romain Dumont explained in a new report.

Some of the malware families distributed using PureCrypter include Agent Tesla, Arkei, AsyncRAT, AZORult, DarkCrystal RAT (DCRat), LokiBot, NanoCore, RedLine Stealer, Remcos, Snake Keylogger, and Warzone RAT.

PureCrypter Malware Loader

Sold for a price of $59 by its developer named “PureCoder” for a one-month plan (and $249 for a one-off lifetime purchase) since at least March 2021, PureCrypter is advertised as the “only crypter in the market that uses offline and online delivery technique.”

Crypters act as the first layer of defense against reverse engineering and are typically used to pack the malicious payload. PureCrypter also features what it says is an advanced mechanism to inject the embedded malware into native processes, along with a variety of configurable options to achieve persistence on startup and turn on additional options to fly under the radar.

Also offered is a Microsoft Office macro builder and a downloader, highlighting the potential initial infection routes that can be employed to propagate the malware.

Interestingly, while PureCoder makes it a point to note that the “software was created for educational purposes only,” its terms of service (ToS) forbid buyers from uploading the tool to malware scanning databases such as VirusTotal, Jotti, and MetaDefender.

“You are not allowed to scan the crypted file, as the crypter itself has a built-in scanner,” the ToS further states.

In one sample analyzed by Zscaler, a disk image file (.IMG) was found to contain a first-stage downloader that, in turn, retrieves and runs a second-stage module from a remote server, which subsequently injects the final malware payload inside other processes like MSBuild.

PureCrypter also offers a number of notable features that allow it to remove itself from the compromised machine and report the infection status to the author via Discord and Telegram.
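A defender-side sketch of the process-ancestry signal this chain implies: it flags MSBuild launches whose parent is not a build tool, whose parent runs from a non-system drive (a mounted disk image shows up as a new drive letter), or that name no project file. This is an added example, not code from the Zscaler report; the event fields, parent allowlist, sample events and threshold are assumptions, and it assumes the injection target is started as a new process.

```python
import ntpath

# Assumptions to tune per environment (not taken from the report).
EXPECTED_PARENTS = {"devenv.exe", "dotnet.exe", "cmd.exe", "powershell.exe"}
PROJECT_EXTS = (".sln", ".csproj", ".vbproj", ".proj", ".targets")
SYSTEM_DRIVE = "c:"

# Constructed process-creation events (Sysmon Event ID 1 style); not real telemetry.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"E:\invoice.exe", "cmdline": r"E:\invoice.exe"},
    {"pid": 300, "ppid": 200,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "cmdline": "MSBuild.exe"},
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"pid": 500, "ppid": 400,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "cmdline": r"MSBuild.exe C:\src\app\app.csproj /p:Configuration=Release"},
]

def suspicious_msbuild(events, threshold=2):
    """Return [(pid, [reasons])] for MSBuild launches matching >= threshold signals."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if ntpath.basename(e["image"]).lower() != "msbuild.exe":
            continue
        parent = by_pid.get(e["ppid"])
        reasons = []
        if parent is None:
            reasons.append("parent process not in telemetry")
        else:
            if ntpath.basename(parent["image"]).lower() not in EXPECTED_PARENTS:
                reasons.append("unexpected parent: " + parent["image"])
            drive = ntpath.splitdrive(parent["image"])[0].lower()
            if drive and drive != SYSTEM_DRIVE:
                reasons.append("parent runs from non-system drive " + drive.upper())
        # Weak signal on its own: MSBuild can also pick up a project from the working directory.
        args = [a.strip('"').lower() for a in e["cmdline"].split()[1:]]
        if not any(a.endswith(PROJECT_EXTS) for a in args):
            reasons.append("no project or solution file on command line")
        if len(reasons) >= threshold:
            findings.append((e["pid"], reasons))
    return findings

if __name__ == "__main__":
    for pid, reasons in suspicious_msbuild(EVENTS):
        print(pid, "; ".join(reasons))
```

Requiring at least two signals keeps a developer's bare `MSBuild.exe` run from a shell out of the results while still catching the constructed chain.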


Some parts of this article are sourced from:
thehackernews.com
