Prynt Stealer is the newest offered malware on the underground market

April 26, 2022
Prynt Stealer InfoStealer Keylogger Malware Underground Market Dark Web Gaming

A new information-stealing malware, dubbed Prynt Stealer, has been spotted by researchers spreading infections among its targets. It possesses distinct features, such as keylogger and clipper modules, attacks web browsers, gaming, and messaging apps, and is also capable of carrying out financial compromises.

Prynt Stealer is offered via time-based subscriptions: $100 monthly, $200 quarterly, or $700 yearly. A lifetime license is also available for $900. Its operators even bundle a specialised builder, making the malware harder for security tools to detect once it is deployed in attack operations.


Stealth is a priority for Prynt Stealer: its feature list highlights binary obfuscation and strings encrypted with the Advanced Encryption Standard (AES, also known as Rijndael).


Furthermore, the info-stealer's C2 server details are encrypted with AES-256, and it uses an obfuscated AppData folder and subfolders to temporarily store stolen data before exfiltration. It first scans the drives present on the host and then steals every document, database file, image, and source-code file that is 5KB or smaller.

The malware also steals autofill data, passwords, banking information, cryptocurrency funds, cookies, and search histories from the Chrome, Microsoft Edge, and Firefox web browsers. Afterwards, it targets messaging apps present on the device, such as Telegram and Discord, and harvests any available Discord tokens.

The theft does not stop there: the malware also raids gaming apps on the device to collect game files and other valuable data from popular platforms like Steam and Minecraft.

Several system applications, like FileZilla and NordVPN, are the final targets; the info-stealer copies the linked account credentials into a corresponding subfolder inside the AppData folder.

The campaign’s final stage is exfiltration. The malware first completes its system profiling, taking summary screenshots and recording running processes, and then compresses everything together with the device’s network credentials and Windows product key.

Finally, the hackers complete the campaign through a Telegram bot: the compressed data is sent over an encrypted network connection to their remote server.
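The Telegram-bot exfiltration path described above is the most practical place for a defender to look, because every Telegram Bot API call goes to the public host api.telegram.org with the bot token in the URL path. The following detector is an added example written for this article, not code from the article or from any vendor tool. It assumes a TLS-inspecting proxy or endpoint log that records the destination host, URL path, originating process and bytes sent; the log lines, process names and bot token below are constructed placeholders.

```python
"""Flag likely Telegram Bot API exfiltration in proxy / endpoint log lines.

Added example; the pipe-separated log format is constructed and the bot token
is a placeholder. Assumes TLS inspection (or host telemetry) exposes the path.
"""
import re
from dataclasses import dataclass

# Constructed sample lines: timestamp | process | host | path | bytes_out
SAMPLE_LOG = """\
2022-04-26T10:01:03Z|chrome.exe|www.example.com|/index.html|412
2022-04-26T10:02:17Z|Telegram.exe|149.154.167.51|/api|2048
2022-04-26T10:03:44Z|svchost.exe|api.telegram.org|/bot123456789:AAExampleTokenPlaceholder_abc/sendDocument|1835024
2022-04-26T10:03:45Z|svchost.exe|api.telegram.org|/bot123456789:AAExampleTokenPlaceholder_abc/sendMessage|533
2022-04-26T10:05:10Z|outlook.exe|outlook.office365.com|/owa/|9100
"""

# Bot tokens have the form "<numeric bot id>:<secret>", and the public Bot API
# mounts every method under /bot<token>/<method>.
BOT_PATH = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]+)/(\w+)")
# Upload methods are what a stealer needs to ship a compressed archive.
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio"}
# Assumed allow-list of processes that legitimately talk to Telegram.
KNOWN_TELEGRAM_CLIENTS = {"telegram.exe"}
LARGE_UPLOAD_BYTES = 1_000_000


@dataclass
class Finding:
    ts: str
    process: str
    reason: str
    bot_id: str


def parse_line(line):
    """Split one constructed log line into its five fields."""
    ts, process, host, path, bytes_out = line.split("|")
    return ts, process, host, path, int(bytes_out)


def detect(log_text):
    """Return a Finding for every Bot API call that looks like exfiltration."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, process, host, path, bytes_out = parse_line(raw)
        if host != "api.telegram.org":
            continue
        m = BOT_PATH.match(path)
        if not m:
            continue
        bot_id, _secret, method = m.groups()
        reasons = []
        if process.lower() not in KNOWN_TELEGRAM_CLIENTS:
            reasons.append(f"bot API call from unexpected process {process}")
        if method in UPLOAD_METHODS:
            reasons.append(f"file upload via {method}")
        if bytes_out >= LARGE_UPLOAD_BYTES:
            reasons.append(f"{bytes_out} bytes sent")
        if reasons:
            findings.append(Finding(ts, process, "; ".join(reasons), bot_id))
    return findings


def bot_ids(findings):
    """The numeric bot id is a stable pivot for blocking and for hunting on other hosts."""
    return sorted({f.bot_id for f in findings})


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f.ts} {f.process}: {f.reason} (bot {f.bot_id})")
```

The bot id that the regex extracts is the useful artefact: it survives token rotation only partially (the secret changes, the id does not), so it is worth recording as an indicator and searching for across the rest of the fleet. Without TLS inspection you will only see CONNECT api.telegram.org:443, in which case the process-based rule alone still applies.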

Various information-stealing tools are sold on underground markets, where threat actors are free to buy them for their attack campaigns. However, experts expect that Prynt Stealer will not top many hackers’ lists, since it is expensive and its server infrastructure is of dubious reliability.

Nevertheless, all users are warned about the new malware, since it can execute sophisticated data-stealing attacks that could seriously harm its targets.
