Prynt Stealer Malware Is Sold on the Dark Web for Only $100 per Month

Cybersecurity specialists from Cyble have discovered a new information-stealing malware called Prynt Stealer. The malware has a wide range of capabilities and comes with additional keylogger and clipper modules.

Prynt Stealer is advertised as a solution to compromise a wide variety of browsers, instant messengers and gaming applications, and it is also capable of carrying out direct financial attacks.

Prynt Stealer is a subscription service and the authors charge $100/month, $200/quarter, or $700/year, and offer a lifetime license for $900.


On top of that, buyers can use the constructor to create their own compact, hard-to-detect version of the malware that can be used in targeted attacks.


Cyble analysts write that Prynt Stealer was created with an emphasis on stealth and uses binary obfuscation and string encryption with Rijndael. In addition, all communications with the management servers are encrypted using AES256, and the AppData folder (and subfolders) needed to temporarily store stolen data is hidden.


Once on the victim’s machine, Prynt Stealer scans all disks on the host and steals documents, database files, source code, and image files smaller than 5120 bytes (5 KB).

After that, the malware switches to browsers based on Chrome, Firefox and MS Edge, stealing autofill data, credentials, bank card information, search history and cookies. At this stage, the malware uses ScanData() to search browser data for keywords related to banks, cryptocurrencies, and porn sites, and steals whatever matches it finds.

After that, Prynt Stealer attacks messengers, including Discord, Pidgin and Telegram, and steals Discord tokens if they are present on the system. Game application authorization files, game save files and other valuable data from Ubisoft Uplay, Steam and Minecraft are also stolen.

The malware then queries the registry to find the data of cryptocurrency wallets such as Zcash, Armory, Bytecoin, Jaxx, Ethereum, AtomicWallet, Guarda and Coinomi, and also steals information from FileZilla, OpenVPN, NordVPN and ProtonVPN by copying the corresponding credentials to the above-mentioned subfolder in AppData.

Before the actual theft, Prynt Stealer also performs general system profiling, including creating a list of running processes, taking a screenshot, and linking the collected information to the network credentials and Windows key that is used on the victim’s machine, Cyble experts say.

The data transfer itself is carried out using a Telegram bot, which uses an encrypted network connection to upload the dump to a remote server.
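One way to detect the exfiltration channel described above, given as an added example that is not taken from Cyble's report: flag proxy log entries that reach the Telegram Bot API (`api.telegram.org`) from processes outside an allowlist. The log format, host names, process names and tokens are constructed; the request path is visible only where the proxy inspects TLS.

```python
import re

# Telegram Bot API endpoint; bot calls look like /bot<id>:<secret>/<method>.
BOT_API_HOST = "api.telegram.org"
BOT_PATH = re.compile(r"^/bot(\d+):[\w-]+/(\w+)")
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendMediaGroup"}

# Constructed sample proxy log (assumed format):
# time, workstation, process, verb, destination host, path, bytes sent
SAMPLE_LOG = """\
2022-04-25T10:01:02Z WS-014 chrome.exe GET www.example.com /index.html 512
2022-04-25T10:01:40Z WS-014 invoice_viewer.exe POST api.telegram.org /bot1111111111:AAExampleConstructedTokenValue_000000/sendDocument 48211
2022-04-25T10:02:10Z WS-022 svc_update.exe CONNECT api.telegram.org - 0
2022-04-25T10:03:00Z WS-031 monitoring.exe POST api.telegram.org /bot2222222222:AAExampleConstructedTokenValue_111111/sendMessage 230
"""

def find_bot_api_traffic(log_text, allowed_processes=frozenset()):
    """Return alerts for Bot API traffic from processes not on the allowlist.

    allowed_processes holds lowercase process names that legitimately use
    the Bot API (for example an internal alerting tool).
    """
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip malformed lines instead of failing
        ts, host, proc, _verb, dest, path, sent = fields
        if dest.lower() != BOT_API_HOST or proc.lower() in allowed_processes:
            continue
        m = BOT_PATH.match(path)
        bot_id, api_method = (m.group(1), m.group(2)) if m else (None, None)
        alerts.append({
            "time": ts, "host": host, "process": proc,
            "bot_id": bot_id,          # numeric id only; the secret part is dropped
            "api_method": api_method,  # None when only the CONNECT host is visible
            "bytes_out": int(sent) if sent.isdigit() else 0,
            # File uploads to a bot are the closest match to a stealer dump.
            "severity": "high" if api_method in UPLOAD_METHODS else "medium",
        })
    return alerts

if __name__ == "__main__":
    for alert in find_bot_api_traffic(SAMPLE_LOG, {"monitoring.exe"}):
        print(alert)
```

The numeric bot id that survives in each alert can be used to correlate hosts that report to the same bot without storing the full token in the SIEM.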

As mentioned above, in addition to these functions, the malware is equipped with keylogger modules (to intercept keystrokes) and a clipper (tracks and replaces cryptocurrency addresses in the clipboard).

Experts summarize that the new Prynt Stealer is a very dangerous malware that can steal user confidential data, lead to significant financial losses, account compromise and data leakage.

Helga Smith
