Sly Hacker Defrauds ‘Novice’ Criminal Hackers
Software Creator Cheats Crooks
According to the latest headlines, the creator of a certain malware, Prynt Stealer, is defrauding cyber criminals who use Prynt Stealer to steal data from victims. As it turns out, when hackers steal data through the use of this software, the creator also receives a copy of the information via the Telegram chat service.
Prynt Stealer is a deep-web favorite as it can steal data from cloud gaming accounts, VPN accounts, cryptocurrency wallet information, as well as sensitive info stored in web browsers; like credentials and credit cards. When in use, Prynt Stealer exfiltrates compressed data to a channel under the control of the criminal hackers through a Telegram bot.
Novice Hackers Duped
The builder for Prynt Stealer assists less experienced thieves in building up the malware for deployment by entering all the necessary settings and letting the automated tool handle the rest. When the builder is executed, a loader retrieves “DarkEye Stealer” from Discord and sets it up to exfiltrate data to the author, according to Zscaler’s experts who obtained a leaked copy of the builder.
Additionally, the creator of the malware instructs the builder to drop and run LodaRAT, an outdated but potent trojan that was developed in 2017 and allows remote actors to take over an infected device, steal data, and get additional payloads among other things. Every copy of Prynt Stealer’s malware includes a backdoor, which the duped dark web hackers rent for roughly $100 per month and $900 per lifetime subscription.
Telegram Token Steals Stolen Data
However, Cyble Research and Intelligence Labs examined the malware back in April 2022. They noticed that it contained inactive code for a clipper and keylogger, both unusual features for an infostealer.
Upon further study, cloud security firm Zscaler claimed that the malware contained more than just a clipper and keylogger. It contained a hardcoded Telegram token and ID that can be used to convey stolen data to the creator without the operator’s knowledge.
Naturally, the everyday hacker wouldn’t know or suspect this, as Prynt Stealer owes its blueprint to AsyncRAT remote access tool and StormKitty infostealer. In Prynt Stealer’s case, the developer eliminated some of the features and made some small changes to others.
What is especially unique about Prynt Stealer, however, is that other malware like WorldWind and DarkEye are highly similar to Prynt Stealer – to the point where it is highly suspected that the same person is responsible for both of them.
With Prynt Stealer’s secret exposed, dark web criminals will most likely look elsewhere. Unfortunately for them, the identity of Prynt Stealer’s creator remains unknown, and research suggests they may already have two more products lined up since they are actively promoted in hacking forums at this time.