Research Saturday 1.7.23
Ep 263 | 1.7.23

Stealer malware from Russia.

Show Notes

Marisa Atkinson, an analyst from Flashpoint, joins Dave to discuss a new blog post from Flashpoint’s research team about “RisePro” Stealer, malware from Russia, and Pay-Per-Install Malware “PrivateLoader.” “RisePro” is written in C++ and appears to possess similar functionality to the stealer malware “Vidar.” It's also a newly identified stealer, that began appearing as a stealer source for log credentials on the illicit log shop Russian Market on December 13, 2022.

The research states, "Samples that Flashpoint analysts identified indicate that RisePro may have been dropped or downloaded by the pay-per-install malware downloader service “PrivateLoader” in the past year." Analysts identified several sets of logs uploaded to the illicit underground Russian Market, which listed their source as “RisePro.”

The research can be found here: