Written in C++, RisePro harvests potentially sensitive information from the compromised machines and then attempts to exfiltrate it as logs.
RisePro was initially spotted on December 13, featured on a cybercrime marketplace called Russian Market, where cybercriminals upload and sell logs exfiltrated using stealers.
According to Flashpoint, the malware appears to be based on Vidar stealer, which has been analyzed several times in the past.
A fork of the Arkei stealer itself, Vidar is known for downloading a series of dependencies and configuration settings from its command-and-control (C&C) server. The infostealer was cracked in 2018 and several clones were seen in the past, including the ‘Oski’ and ‘Mars’ stealers.
What do you think?
It is nice to know your opinion. Leave a comment.