2022-12-27

You might save a few bucks by downloading pirated software, but you could also lose a lot more in the process, as researchers have discovered a cryptocurrency-focused infostealer lurking among the cracks.

Two separate cybersecurity companies – Flashpoint and Sekoia – have discovered a new information-stealing malware called “RisePro”.

RisePro is distributed through websites that host pirated software, cracks, loaders, and similar illegal content, and infects endpoints through the PrivateLoader pay-per-install (PPI) malware distribution service.

Stealing crypto account details

According to the researchers, RisePro shares many similarities with PrivateLoader, leading them to conclude that the malware distribution platform now has an infostealer of its own. They also found that it was most likely built on Vidar as a base, since it uses the same system of embedded DLL dependencies.

RisePro hunts data from an extensive list of browsers, browser extensions, and cryptocurrency wallets, including Google Chrome, Firefox (and 30 other browsers), Authenticator, MetaMask, and Coinbase (and 26 other browser extensions). In addition, it steals data from Discord, battle.net, Authy Desktop and can scan file system directories for valuable data, such as credit card details.

According to Flashpoint, criminals have already started selling RisePro logs containing sensitive, personally identifiable data on Russian dark web markets. Buyers interested in the logs, or in the tool itself, can purchase them through Telegram by interacting with the operators’ Telegram bot.

The researchers describe PrivateLoader as a pay-per-install malware distribution service, often masquerading as a software crack or keygen. Until now, PrivateLoader had distributed only RedLine Stealer and Raccoon, both of which are very popular infostealers in the cybercrime community.

The best way to protect against such threats is to refrain from downloading pirated content in the first place and to install software only from legitimate, verified sources. A strong antivirus solution is also advised.