Dev backdoors own malware to steal data from other hackers


Cybercriminals using Prynt Stealer to collect data from victims are being swindled by the malware developer, who also receives a copy of the data over the Telegram messaging service.

The malware developer has planted in the builder for the infostealer a backdoor that is present in every resulting copy being rented to cybercriminals for prices ranging from $100 per month or $700 per year to $900 for a lifetime subscription.

Prynt Stealer can steal cryptocurrency wallet information, sensitive data stored in web browsers (credentials, bank cards), VPN account data, and cloud gaming account details.

Cyble analyzed Prynt Stealer back in April 2022 and highlighted that it included inactive code for a clipper and keylogger, both being uncommon features for an infostealer.

The data that Prynt Stealer grabs is usually compressed and exfiltrated via a Telegram bot to a channel controlled by the cybercriminal.

However, according to a report from cloud security company Zscaler, the malware comes with an additional, hardcoded Telegram token and ID to send stolen data to the author behind the operator's back.
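For defenders, the double exfiltration described above suggests a simple hunt: an endpoint that uploads data to more than one Telegram bot. The sketch below is an added example, not code from Zscaler or from the malware; it assumes a TLS-inspecting proxy that logs full URLs in a made-up four-field layout, and the tokens and IP addresses are constructed.

```python
import re
from collections import defaultdict

# Bot API calls have the form https://api.telegram.org/bot<token>/<method>,
# where <token> is "<numeric bot id>:<secret>".
BOT_CALL = re.compile(r"api\.telegram\.org/bot(\d{6,12}):([A-Za-z0-9_-]{30,})/(\w+)")
UPLOAD_METHODS = {"sendDocument", "sendMessage"}

# Constructed sample data: tokens, IPs and the log layout are assumptions.
TOKEN_A = "1111111111:" + "A" * 35  # stands in for the operator's bot
TOKEN_B = "2222222222:" + "B" * 35  # stands in for a second, hidden bot
SAMPLE_LOG = f"""\
2022-09-01T10:00:01Z 10.0.0.5 POST https://api.telegram.org/bot{TOKEN_A}/sendDocument?chat_id=1001
2022-09-01T10:00:02Z 10.0.0.5 POST https://api.telegram.org/bot{TOKEN_B}/sendDocument?chat_id=2002
2022-09-01T10:05:00Z 10.0.0.9 POST https://api.telegram.org/bot{TOKEN_A}/sendMessage?chat_id=1001
2022-09-01T10:06:00Z 10.0.0.9 GET https://example.com/index.html
"""

def bots_per_client(log_text):
    """Map client IP -> set of bot IDs it sent data to via the Bot API."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        match = BOT_CALL.search(fields[3])
        if match and match.group(3) in UPLOAD_METHODS:
            # Record only the numeric bot ID so the secret never reaches alerts.
            seen[fields[1]].add(match.group(1))
    return dict(seen)

def multi_bot_clients(log_text):
    """Clients that sent data to more than one distinct bot."""
    return {ip: sorted(ids)
            for ip, ids in bots_per_client(log_text).items() if len(ids) > 1}

if __name__ == "__main__":
    for ip, ids in multi_bot_clients(SAMPLE_LOG).items():
        print(f"{ip}: uploads to {len(ids)} distinct Telegram bots {ids}")
```

Without TLS inspection the URL path is not visible, so the same idea falls back to flagging any non-browser process that connects to api.telegram.org.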

Built for scamming

Prynt Stealer is based on the code of the AsyncRAT remote access tool and the StormKitty infostealer. The developer made some minor modifications to some of the features and removed others.

Zscaler's researchers also note that Prynt Stealer is very similar to the malware families WorldWind and DarkEye, suggesting that the same author is behind them.

Prynt Stealer's builder is meant to help unskilled cybercriminals configure the malware for deployment, setting all parameters and letting the automated tool do the work.

Prynt Stealer’s GUI builder (Zscaler)

Zscaler's analysts obtained a leaked copy of the builder and found that upon execution, a loader fetches 'DarkEye Stealer' from Discord and configures it to exfiltrate data to the author.

DarkEye is a variant of Prynt Stealer, the difference between them being that the clipper and keylogger functionality is enabled in the former and disabled in the latter.

DarkEye Telegram token and ID, and active keylogger code (Zscaler)

In addition, the malware author configures the builder to drop and execute LodaRAT, an old (2017) yet powerful trojan that allows remote actors to take control of the infected system, steal information, fetch additional payloads, etc.

Prynt Stealer's builder infection diagram (Zscaler)

Now that the backdoor in Prynt Stealer has been exposed, the cybercriminals using it are likely to look elsewhere. It looks like the Prynt Stealer author already has two products ready, since they aren't currently actively promoted on hacking forums.
