Security researchers have identified and detailed a new malware loader called PureCrypter that is causing a lot of confusion. It is a tool that cybercriminals buy in order to steal sensitive data and information from victims, who are completely unaware of what is happening on their devices.

Going into more detail, the experts reveal that it is a .NET executable that uses encryption and obfuscation to evade less effective antivirus products.

It is sold on the Dark Web at a price of $59 per month or a one-time payment of $249 and has been in circulation since at least March 2021. The developer advertises it as the only crypter that uses both offline and online delivery techniques.

Some of the malware families distributed using PureCrypter include Agent Tesla, Arkei, AsyncRAT, AZORult, Dark Crystal RAT (DCRat), LokiBot, NanoCore, RedLine Stealer, Remcos, Snake Keylogger, and Warzone RAT.

Crypters act as the first layer of defense against reverse engineering and are typically used to package the malicious payload. PureCrypter also features what it says is an advanced mechanism for injecting embedded malware into native processes, along with a variety of configurable options to achieve startup persistence and enable additional stealth options.

To avoid running into cyberthreats of this type, it is advisable to install a highly effective antivirus solution on your computer.
