PureCoder offers multiple malware strains on the dark web

January 13, 2023

The PureCoder threat group is a newly identified entity that sells several malware strains on dark web forums. Based on reports, the group offers cryptominers, info stealers, and crypters on underground markets.

Researchers claimed several threat groups already use some of these malware variants for their attacks.

 

PureCoder promotes two of its most efficient strains on black markets.

 

According to investigations, two of the most impactful malware strains sold by PureCoder are PureCrypter and PureLogs. The threat actors have posted information about these malware variants in a cybercriminal forum to attract more customers.

The first, PureCrypter, is a strain that distributes multiple Remote Access Trojans (RATs) and stealers. The current price for this malware is $59 for a monthly subscription and $245 for lifetime use.

PureLogs, on the other hand, is a malicious .NET program developed by its authors to steal data from crypto wallets, browsers, and other applications. The actors are offering this strain for nearly a hundred dollars for a one-year subscription.

An Italian cybersecurity firm spotted the PureLogs infostealer used by Alibaba2044 threat actors to deploy a spam campaign aimed at Italian organisations and firms. The campaign operators used a spam email with an embedded link to download a password-protected zip archive.

The email carried a cabinet file that pretended to be a batch document containing a malicious executable and the password to open the file. Once a target opens the batch file, the malware executes the PureLogs stealer on the system.
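A triage check for the delivery chain described above, as an added example that is not part of the original report: it flags a ZIP whose entries are marked encrypted and a file with a batch extension that actually starts with the cabinet signature. The function names, extension lists and sample bytes are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

CAB_MAGIC = b"MSCF"               # Microsoft Cabinet header signature
SCRIPT_EXTS = {".bat", ".cmd"}    # plain-text formats; binary magic here is a mismatch
# Assumed watch list of member extensions; tune to local policy.
RISKY_MEMBER_EXTS = {".bat", ".cmd", ".exe", ".cab", ".js", ".vbs"}

def triage(filename: str, data: bytes) -> list[str]:
    """Return findings for one downloaded file or mail attachment."""
    findings = []
    ext = PurePosixPath(filename.lower()).suffix
    # A "batch file" that begins with MSCF is really a cabinet archive.
    if ext in SCRIPT_EXTS and data.startswith(CAB_MAGIC):
        findings.append(f"cab-disguised-as-{ext}")
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # General-purpose flag bit 0 marks an encrypted entry, which
                # content scanners cannot inspect without the password.
                if info.flag_bits & 0x1:
                    findings.append(f"encrypted-member:{info.filename}")
                # Member names stay readable even when the content is encrypted.
                if PurePosixPath(info.filename.lower()).suffix in RISKY_MEMBER_EXTS:
                    findings.append(f"risky-member:{info.filename}")
    return findings

def constructed_encrypted_zip(member: str) -> bytes:
    """Constructed sample: harmless ZIP with the 'encrypted' flag set by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    raw = bytearray(buf.getvalue())
    cd = raw.rfind(b"PK\x01\x02")   # central directory file header
    raw[cd + 8] |= 0x01             # low byte of the general-purpose flags
    return bytes(raw)

if __name__ == "__main__":
    print(triage("invoice.zip", constructed_encrypted_zip("invoice.bat")))
    print(triage("invoice.bat", CAB_MAGIC + b"\x00" * 32))   # constructed bytes
    print(triage("notes.bat", b"@echo off\r\n"))             # genuine batch text
```
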

The PureCoder threat group currently offers several hostile software programs besides PureCrypter and PureLogs. Some researchers said that PureMiner, BlueLoader, and PureHVNC are also malware strains sold by PureCoder on several cybercriminal forums.

In addition, several threat groups have already purchased these strains and are currently using them in their campaigns.

The abundance of malicious yet affordable tools severely threatens all users. Therefore, users should refrain from opening untrusted and unwanted links in an email to mitigate the chances of infection. Users should also employ competent internet security software and anti-malware solutions.
