Cyberthreat firm Flashpoint has reported that a recently identified information stealer known as RisePro is being distributed via a pay-per-install malware downloader service known as ‘PrivateLoader.’ RisePro was first spotted on December 13 and is written in C++. The information stealer is designed to harvest potentially sensitive information from compromised machines. After harvesting the information, the stealer attempts to exfiltrate it as logs. RisePro was first spotted for sale on a cybercrime marketplace called Russian Market.
On this market, cybercriminals upload and sell logs exfiltrated using stealers. RisePro appears to be based on the Vidar stealer, which has been analyzed by cybersecurity researchers several times in the past. RisePro was also observed using a dynamic link library dependency similar to the one that Vidar uses. Analysis of the malware suggests that RisePro is a clone of Vidar, but it also shares similarities with other previously identified information stealers.