Italian Users Targeted by PureLogs Stealer Through Spam Campaigns

During a routine threat-hunting exercise, Cyble Research and Intelligence Labs (CRIL) came across a tweet about PureLogs information stealer by TG Soft. This tool is used by the Threat Actor (TA) “Alibaba2044” to launch a malicious spam campaign at targets based in Italy on the 14th of December 2022.

Figure 1 – Tweet Related to PureLogs Malware

The spam email includes a link to download a password-protected zip file; the password is provided in the same email. The zip file contains a cabinet file disguised as a batch file, which holds a malicious executable. Once the target opens the batch file, the malware will start running on their machine.

PureLogs stealer is developed by a TA with the name PureCoder. The threat actor offers multiple malicious software programs for sale on their website for various operations, such as miners, information stealers, VNC, and crypters. The figure below shows the post by the PureCoder TA.

Figure 2 – Purecoder Website Selling Malicious Programs

The TAs developing this malware have also posted the tool information in cybercrime forums to attract potential customers. The figure below shows the TA’s post on a cybercrime forum.

Figure 3 – Cyber Crime Forum Post by Threat Actors

PureLogs and PureCrypter are the most impactful malware created by PureCoder. Multiple other TAs are using this malware in their campaigns. Below, we have shared information regarding multiple malicious programs.

PureLogs is a .NET program that the developers sell at $99 for a one-year subscription. It is specifically designed to steal browser data, crypto wallets, and data from various applications such as FTP clients, email clients, and VPNs installed on a system. The following table shows the data targeted by PureLogs.

*Extensions: TronLink, MetaMask, Binance Chain Wallet, Yoroi, Coinbase Wallet, Jaxx Liberty, BitApp Wallet, iWallet, Terra Station, BitClip, EQUAL Wallet, Wombat, Cyano Wallet, Nifty Wallet, Math Wallet, Guarda, Coin98 Wallet, TezBox, Trezor Password Manager, EOS Authenticator, Authy, GAuth Authenticator, Authenticator.

The figure below illustrates the post related to PureLogs Stealer.

Figure 4 – PureLogs Stealer Post by PureCoder

PureCrypter malware has been observed distributing multiple RATs and information stealers. It is a .NET-based executable, obfuscated with SmartAssembly, that is further protected with compression, encryption, and obfuscation to make it difficult to detect. The malware is sold for $59 for a one-month subscription. Zscaler has provided a deeper technical analysis of PureCrypter in a blog.

PureMiner is a hidden, stealthy, silent miner: an attacker can use it for bots or spread it, and it will automatically mine ETHW or BTC to the TA’s wallet. TAs are currently providing PureMiner for $99. The following are the features provided by PureMiner:

ETHW, ETC, XMR, ERGO, BTC, RVN, KASPA, FLUX MINING.
DETECTS IF THE USER IS IDLE OR PLAYING GAMES.

The figure below shows the post by the TA.
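The delivery step in this campaign relies on a Microsoft Cabinet file being renamed to look like a batch file. A batch file is plain text, so a `.bat` whose first bytes are the cabinet signature `MSCF` is a simple, high-signal mismatch a defender can hunt for in mail attachments or on disk. The script below is an added example written for this write-up, not Cyble's or the malware author's code; the signature table, the list of script-like extensions and the sample files it scans are all constructed for the demonstration.

```python
"""Flag files whose extension says "script" but whose magic bytes say "container".

Added example (not from the original post). Sample files are constructed.
"""
import tempfile
from pathlib import Path
from typing import Optional

# A few well-known file signatures (assumption: only these are checked here).
MAGIC = {
    b"MSCF": "cab",        # Microsoft Cabinet archive, as used in this campaign
    b"PK\x03\x04": "zip",  # ZIP archive
    b"MZ": "pe",           # Windows PE executable
}

# Extensions that should hold plain text; any binary signature here is suspect.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1", ".txt"}


def identify(head: bytes) -> Optional[str]:
    """Return the container/executable type implied by the leading bytes, or None."""
    for signature, kind in MAGIC.items():
        if head.startswith(signature):
            return kind
    return None


def is_suspicious(path: Path) -> bool:
    """True when a script-looking extension carries a binary container or executable."""
    if path.suffix.lower() not in SCRIPT_EXTS:
        return False
    with path.open("rb") as fh:
        head = fh.read(8)
    return identify(head) is not None


def scan(root: Path) -> list:
    """Walk a directory and return the relative paths that fail the extension/magic check."""
    return sorted(
        str(p.relative_to(root))
        for p in root.rglob("*")
        if p.is_file() and is_suspicious(p)
    )


def demo() -> list:
    """Build a constructed sample tree and scan it; only the disguised cabinet is flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "setup.bat").write_bytes(b"@echo off\r\necho hello\r\n")   # genuine batch file
        (root / "invoice.bat").write_bytes(b"MSCF" + b"\x00" * 32)        # cabinet renamed to .bat
        (root / "readme.txt").write_bytes(b"plain text")                   # harmless text
        (root / "data.cab").write_bytes(b"MSCF" + b"\x00" * 32)           # extension matches, not flagged
        return scan(root)


if __name__ == "__main__":
    print(demo())
```

The check deliberately reads only the first eight bytes, so it is cheap enough to run over every attachment; extend `MAGIC` and `SCRIPT_EXTS` to whatever your environment treats as text-only.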