"New RisePro Infostealer Increasingly Popular Among Cybercriminals"

According to researchers at Flashpoint, a recently identified information stealer named "RisePro" is being distributed by pay-per-install malware downloader service "PrivateLoader."  RisePro is written in C++ and harvests potentially sensitive information from the compromised machines and then attempts to exfiltrate it as logs.  The researchers noted that RisePro was initially spotted on December 13, featured on a cybercrime marketplace called Russian Market, where cybercriminals upload and sell logs exfiltrated using stealers.  The researchers stated that the malware appears to be based on Vidar stealer, which has been analyzed several times in the past.  Vidar is known for downloading a series of dependencies and configuration settings from its command-and-control (C&C) server.  The infostealer was cracked in 2018, and several clones were seen in the past, including the "Oski" and "Mars" stealers.  The researchers noted that they have seen RisePro using dropped dynamic link library (DLL) dependencies that Vidar uses, and the malware's analysis suggests that it is very likely a clone of Vidar.  However, RisePro also shows similarities with other information stealers out there.

SecurityWeek reports: "New RisePro Infostealer Increasingly Popular Among Cybercriminals"