New information-stealing malware is being spread by fake pirate sites

In a nutshell: In another showing of why downloading pirated software, games, movies, etc., can be riskier than it's worth, cybersecurity researchers have discovered a new information-stealing malware distributed through fake websites hosting pirated and other illegal content.

As reported by Bleeping Computer, the analysts at cybersecurity firms Flashpoint and Sekoia spotted the malware, named RisePro, being distributed through fake cracks sites operated by the PrivateLoader pay-per-install (PPI) malware distribution service, which up until now had almost exclusively distributed the RedLine Stealer or Raccoon infostealers.

Once it infects a system, RisePro hunts down and steals sensitive data from an extensive list of applications, including web browsers such as Google Chrome and Firefox, as well as browser extensions and cryptocurrency wallets including Authenticator, MetaMask, and Jaxx Liberty Extension.

Courtesy of Sekoia

RisePro is also able to extract data from Discord, battle.net, and Authy Desktop, and it can scan system folders looking for data such as receipts containing credit card information.

The researchers say there are many code similarities between RisePro and PrivateLoader, suggesting the service now has its own information stealer that it may be using for its own gains or as a paid-for service.

As it uses the same embedded DLL dependencies, RisePro is believed to be based on the Vidar password-stealing malware.

Cybercriminals looking to utilize RisePro can now purchase it from Telegram. Flashpoint notes that some hackers are already selling thousands of RisePro logs that include packages of data stolen from infected devices on the Russian dark web markets. Both the malware itself and the stolen logs can be secured by interacting with the threat actors' Telegram bot.

Pirated software and hacks have long been popular ways of spreading malware, thanks to their illegal nature. It was discovered last year that 3.2 million Windows-based computers were infected by a trojan virus spread through illegal Adobe Photoshop downloads, Windows cracking tools, and pirated games, resulting in 1.2 TB of files, cookies, and credentials being stolen between 2018 and 2020. The malware was even able to hijack a webcam and photograph users.