Beware! PureCrypter Malware Distributed Through Discord

Menlo Labs, the research team of security company Menlo Security, has issued a warning about a threat actor using the PureCrypter downloader to deliver several malware families to government entities in the Asia-Pacific and North America regions.

In these attacks, Discord's content delivery network hosts the initial downloader, while the domain of a compromised non-profit organization serves as a command-and-control (C&C) server hosting the secondary payload. The targeted victims are being hit with a range of threats, including Redline Stealer, AgentTesla, Eternity, Blackmoon, and Philadelphia ransomware. PureCrypter is a sophisticated downloader that offers persistence and has been sold to other criminals since March 2021.

PureCrypter is written in .NET, supports several code-injection techniques and defense-evasion features, and can be customized with decoy messages and additional files. In the current campaign, the attackers host PureCrypter on Discord and email the intended targets a link to it, with the downloader wrapped in a password-protected ZIP file so that mail gateways and antivirus scanners cannot inspect the contents. Once the PureCrypter loader is executed on the system, it attempts to fetch a secondary payload from the compromised non-profit organization's website.

The payload has been identified as the AgentTesla information stealer, which communicates with an FTP server in Pakistan to exfiltrate victim data. Menlo notes that the FTP server was likely accessed using compromised credentials found online rather than being attacker-owned infrastructure.
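The delivery chain described above (an emailed link to a Discord CDN attachment, a password-protected archive, and a loader that pulls a second stage from elsewhere) is something a mail gateway can at least flag before a user ever clicks. The following Python is an added example written for this page, not code from Menlo Labs or the article. It assumes the gateway hands the script the message body and the raw bytes of any attachment; the sample email, the Discord attachment IDs and the archive contents are all constructed. Because the standard library cannot write password-protected archives, the "encrypted" sample is simulated by setting the ZIP encryption flag bit on an otherwise plain archive, which is exactly what the detection path looks at.

```python
"""Mail-gateway triage for the PureCrypter-style delivery chain.

Added example, not code from Menlo Labs or the article. Assumes a gateway
hands us the message body and the raw bytes of any attachment; every input
below (email text, attachment IDs, archive contents) is constructed.
"""
import io
import re
import struct
import zipfile
from typing import Dict, List, Optional

# Discord CDN attachment URLs have the shape
#   https://cdn.discordapp.com/attachments/<channel_id>/<attachment_id>/<filename>
DISCORD_ATTACHMENT_RE = re.compile(
    r"https?://(?:cdn\.discordapp\.com|media\.discordapp\.net)"
    r"/attachments/(\d+)/(\d+)/([^\s\"'<>?#]+)",
    re.IGNORECASE,
)

# Container and loader file types that deserve a second look when they
# arrive from a chat-platform CDN rather than a corporate file share.
RISKY_EXTENSIONS = (".zip", ".rar", ".7z", ".exe", ".dll", ".scr", ".js", ".vbs")

# Constructed lure; the numeric IDs are made up, not a real attachment.
SAMPLE_EMAIL = """\
Hello,

Please find the signed contract at
https://cdn.discordapp.com/attachments/123456789012345678/987654321098765432/Contract_Q1.zip
Password: 1234

Regards
"""


def find_discord_attachment_links(text: str) -> List[Dict]:
    """Return every Discord CDN attachment link in *text* with a risk flag."""
    hits = []
    for m in DISCORD_ATTACHMENT_RE.finditer(text):
        filename = m.group(3)
        hits.append({
            "url": m.group(0),
            "filename": filename,
            "risky": filename.lower().endswith(RISKY_EXTENSIONS),
        })
    return hits


def encrypted_zip_members(data: bytes) -> Optional[List[str]]:
    """List members whose general-purpose bit 0 (encrypted) is set.

    Returns None when *data* is not a ZIP archive at all. A password-protected
    archive is precisely the case where the scanner cannot see the payload,
    so the presence of encrypted members is itself the signal.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [zi.filename for zi in zf.infolist() if zi.flag_bits & 0x0001]
    except zipfile.BadZipFile:
        return None


def triage_attachment(name: str, data: bytes) -> Dict:
    """Decide what to do with one attachment or fetched file."""
    encrypted = encrypted_zip_members(data)
    if encrypted is None:
        verdict = "scan"            # not an archive: normal scanner path
        risky = [name] if name.lower().endswith(RISKY_EXTENSIONS) else []
    else:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
        risky = [n for n in names if n.lower().endswith(RISKY_EXTENSIONS)]
        if encrypted:
            verdict = "quarantine"  # contents cannot be inspected at all
        elif risky:
            verdict = "review"      # executable inside a plain archive
        else:
            verdict = "scan"
    return {"name": name, "verdict": verdict,
            "encrypted_members": encrypted or [], "risky_members": risky}


def _set_encryption_flag(zip_bytes: bytes) -> bytes:
    """Set bit 0 (encrypted) in every local and central-directory header.

    zipfile cannot write password-protected archives, so the sample is
    simulated by patching the flag; member data stays plaintext, which is
    enough to exercise the detection path above.
    """
    buf = bytearray(zip_bytes)
    for sig, flag_off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = buf.find(sig)
        while pos != -1:
            (flags,) = struct.unpack_from("<H", buf, pos + flag_off)
            struct.pack_into("<H", buf, pos + flag_off, flags | 0x0001)
            pos = buf.find(sig, pos + 4)
    return bytes(buf)


def make_sample_zip(encrypted: bool) -> bytes:
    """Build a constructed archive holding a dummy 'loader' executable."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("Contract_Q1.exe", b"MZ" + b"\x00" * 62 + b"not a real PE")
    data = out.getvalue()
    return _set_encryption_flag(data) if encrypted else data


if __name__ == "__main__":
    for link in find_discord_attachment_links(SAMPLE_EMAIL):
        print("link:", link)
    for flag in (False, True):
        print(triage_attachment("Contract_Q1.zip", make_sample_zip(flag)))
```

The point of `encrypted_zip_members` is that a password-protected archive is not something to scan harder; it is something the engine provably cannot look inside, so the policy decision (`quarantine` here) belongs to the gateway rather than to the antivirus verdict. The hostname pattern covers the Discord CDN forms this writer is aware of; extend `DISCORD_ATTACHMENT_RE` if your proxy logs show others.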

Why Are Threat Actors Using Third-Party Legitimate Platforms to Distribute Malware?

Threat actors use third-party legitimate platforms such as Discord to distribute malware because those platforms give them free hosting behind a trusted, widely used domain: the files are served over TLS from a reputable CDN that few organizations block outright, and an account can be created with little identifying information, which makes the activity harder for security tools to single out. By using these platforms, the attackers can create throwaway accounts or abuse legitimate ones to spread malicious links or files disguised as harmless content. The platforms also put a large pool of potential victims within reach, making it easier to find and target vulnerable systems.

For the same reason, attackers often use a compromised legitimate domain as a command-and-control (C&C) or payload-staging server: it has a clean reputation and a history of benign traffic, so connections to it are less likely to be blocked by reputation-based filtering.

Overall, the use of third-party legitimate platforms allows threat actors to bypass security measures and more effectively deliver their malware to victims.

March 1, 2023