Pay-Per-Install | Breaking Cybersecurity News | The Hacker News

The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed  RisePro . Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered "several sets of logs" exfiltrated using the malware on an illicit cybercrime marketplace called Russian Market. A C++-based malware, RisePro is said to share similarities with another info-stealing malware referred to as Vidar stealer, itself a fork of a stealer codenamed  Arkei  that emerged in 2018. "The appearance of the stealer as a payload for a pay-per-install service may indicate a threat actor's confidence in the stealer's abilities," the threat intelligence company  noted  in a write-up last week. Cybersecurity firm SEKOIA, which  released  its own analysis of RisePro , further identified partial source code overlaps with PrivateLoader. This encompasses the string scrambling mecha

Cybersecurity researchers have exposed new connections between a widely used pay-per-install (PPI) malware service known as PrivateLoader and another PPI platform offered by a cybercriminal actor dubbed ruzki. "The threat actor ruzki (aka les0k, zhigalsz) advertises their PPI service on underground Russian-speaking forums and their Telegram channels under the name ruzki or zhigalsz since at least May 2021," SEKOIA said. The cybersecurity firm said its investigations into the twin services led it to conclude that PrivateLoader is the proprietary loader of the ruzki PPI malware service. PrivateLoader, as the name implies, functions as a C++-based loader to download and deploy additional malicious payloads on infected Windows hosts. It's primarily distributed through SEO-optimized websites that claim to provide cracked software. Although it was  first documented  earlier this February by Intel471, it's said to have been put to use starting as early as May 2021. S

Don't Let Cybercriminals Sneak in Through the Identity Perimeter: Get Actionable Solutions!

A pay-per-install (PPI) malware service known as PrivateLoader has been spotted distributing a "fairly sophisticated" framework called NetDooka, granting attackers complete control over the infected devices. "The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured remote access trojan (RAT) that implements its own network communication protocol," Trend Micro  said  in a report published Thursday. PrivateLoader, as documented by Intel 471 in February 2022, functions as a downloader responsible for downloading and installing additional malware onto the infected system, including SmokeLoader, RedLine Stealer, Vidar, Raccoon, GCleaner, and  Anubis . Featuring anti-analysis techniques, PrivateLoader is written in the C++ programming language and is said to be in active development, with the downloader malware family gaining traction among multiple threat ac