"New NetDooka Malware Spreads via Poisoned Search Results"

NetDooka is a new malware framework that has been observed being spread through the PrivateLoader pay-per-install (PPI) malware distribution service, which allows malicious actors to gain full access to an infected device. The malware framework contains a loader, a dropper, a protection driver, and a RAT component that relies on a custom network communication protocol. Researchers at Trend Micro discovered the first samples of NetDooka, warning that the tool is highly capable despite being in an early development phase. The PrivateLoader PPI service is a malware distribution platform, first detected and analyzed by Intel 471 in February 2022. This platform relies on laced files uploaded to torrent sites and on Search Engine Optimization (SEO) poisoning. It has been used to distribute various malware strains, including Raccoon Stealer, RedLine, SmokeLoader, Vidar, Mars Stealer, TrickBot, DanaBot, and Remcos. This article continues to discuss the PrivateLoader PPI malware distribution service and the NetDooka infection chain.

Bleeping Computer reports "New NetDooka Malware Spreads via Poisoned Search Results"
