There’s another really good reason not to download pirated software
This malware hits software pirates where it hurts
You might save a few dollars downloading pirated software, but you could also end up losing a lot more in the process, as researchers have discovered a cryptocurrency-targeting infostealer lurking among the cracks.
Two separate cybersecurity firms, Flashpoint and Sekoia, uncovered a brand-new information-stealing malware dubbed “RisePro”.
RisePro is being distributed through websites hosting pirated software, cracks, loaders, and similar illegal content, and infects endpoints through the PrivateLoader pay-per-install (PPI) malware distribution service.
Stealing crypto account details
According to the researchers, RisePro carries many similarities to PrivateLoader, prompting the researchers to conclude that the malware distribution platform now has its own infostealer. What’s more, they discovered that it was most likely built on Vidar as a foundation, as it uses the same system of embedded DLL dependencies.
RisePro hunts for data from an extensive list of browsers, browser extensions, and cryptocurrency wallets, including Google Chrome, Firefox (and 30 other browsers), Authenticator, MetaMask, and Coinbase (and 26 other browser extensions). Furthermore, it steals data from Discord, battle.net, and Authy Desktop, and can scan filesystem folders for valuable data, such as credit card information.
According to Flashpoint, criminals have already started selling RisePro logs with sensitive, personally identifiable data, on Russian dark web markets. Threat actors interested in buying either the logs, or the tool itself, can do so via Telegram, by interacting with the threat actors’ Telegram bot.
The researchers describe PrivateLoader as a pay-per-install malware distribution service, often posing as a software crack, or a keygen. Up until today, PrivateLoader only distributed RedLine Stealer or Raccoon, both of which are very popular infostealers in the cybercrime community.
The best way to protect against such threats is to refrain from downloading illegal content to begin with, and only download software from legitimate, verified sources. A strong antivirus solution is also advised.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.