RisePro malware, a duplicate of Russia’s Vidar Stealer

January 6, 2023

A newly identified information stealer called RisePro malware has been placed on an illegal Russian cybercriminal forum on the dark web. Based on reports, the new infostealer is a spin-off of the Vidar stealer and was being offered by its authors as a credential stealer on dark web marketplaces earlier this month.

The existence of RisePro malware on Russian underground markets implies that it has gained popularity among threat groups in its region. Experts claimed that the malware may have been operating for nearly a year and was launched by its authors through a PrivateLoader Pay-Per-Install service.

This infostealer targets potentially valuable information on infected devices and exfiltrates it as logs. The information stealer has already exfiltrated over 2,000 logs, which were automatically posted on Russian cybercriminal forums.

Threat groups have been attracted to the service of this new malware as it immediately offers for sale the exfiltrated data from its victims.


The RisePro malware showed signs that it is connected to the Vidar stealer.


The newly discovered RisePro malware contains several notable functionalities that correspond to the Vidar stealer's features. The researchers explained that both malware strains use the same dynamic link library (DLL) dependencies.

However, RisePro is only one of many Vidar copycats; researchers have spotted many iterations in recent years. A malware called Oski was among the first versions derived from Vidar and was discovered by researchers more than two years ago.

This first version was sold by its authors on Russian underground forums at low prices of $70 and $100. Mars Stealer malware was also identified during the pandemic as a Vidar variant.

Its abilities included data harvesting from well-known web browsers, browser extensions, and crypto-wallets. At that time, Mars Stealer was offered for about $140 to $160 on underground marketplaces.

Cybersecurity experts believe that the constant analysis by researchers drives the repeated re-spawning of Vidar-based malware. Organisations should therefore stay up to date on the IoCs linked with RisePro and take precautions to protect their data and digital assets.
