New malware, RisePro, is terrorizing many browsers: all the details


Mathieu Grumiaux

December 27, 2022 at 2:30 p.m.


Malware hack © Shutterstock.com

This new malicious software is particularly dangerous and attacks banking data as well as the most sensitive information.

It is a new threat that could wreak havoc on thousands of computers around the world. Its name: RisePro.

A malware that steals your bank cards stored in the browser

RisePro is a piece of malware designed to steal data from infected computers. According to the report by cybersecurity specialist SEKOIA, the software, coded in C++, bears strong similarities to the Vidar malware that appeared in 2018.

The latter hid behind the .CHM file extension, used in particular for Windows help and assistance files. Inside the infected file, however, was data-harvesting malware that goes after highly sensitive information.

Many browsers can be attacked by RisePro, including Google Chrome, Brave and Mozilla Firefox. SEKOIA has listed nearly 36 browsers and extensions whose cookies, passwords, saved bank cards and cryptocurrency wallets can be siphoned off by the malware.

Avoid pirated software to avoid falling victim to this malware

Links between RisePro and the PrivateLoader site have been established by security researchers. The latter allows users to inject malicious payloads into other machines, for example by slipping them into pirated applications. It is possible that PrivateLoader is the source of the malware, but there is no evidence of this so far.

SEKOIA indicates that the first traces of use were discovered on December 13th. If PrivateLoader is found to be harboring the malware and selling it to third parties, it is likely to have been spreading massively ever since.

The hackers behind RisePro are currently offering their latest creation for sale, and are using the Telegram app to offer their services for a fee. A dedicated channel also allows anyone who has used RisePro to interact with infected systems, retrieving a .zip file containing screenshots as well as personal information retrieved through the browser.

Source: SEKOIA
