Jun 14, 2022
Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans (RATs) and information stealers. "The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption, and obfuscation to evade antivirus software products," Zscaler's Romain Dumont said in a new report. Some of the malware families distributed using PureCrypter include Agent Tesla , Arkei , AsyncRAT , AZORult , DarkCrystal RAT (DCRat), LokiBot , NanoCore , RedLine Stealer , Remcos , Snake Keylogger , and Warzone RAT . Sold for a price of $59 by its developer named "PureCoder" for a one-month plan (and $249 for a one-off lifetime purchase) since at least March 2021, PureCrypter is advertised as the "only crypter in the market that uses offline and online delivery technique." Crypters act as the first layer of de