No Honor Among Thieves - Prynt Stealer’s Backdoor Exposed :kappa:
Technical Comparison of Prynt Stealer, WorldWind, and DarkEye Malware

Stealing information is fundamental to cybercriminals today to scope and gain access to systems, profile organizations, and execute bigger payday schemes like ransomware. Information stealer malware families including Prynt Stealer are often configured through a builder to facilitate the process for less sophisticated threat actors. However, Zscaler ThreatLabz researchers have uncovered the Prynt Stealer builder, also attributed with WorldWind, and DarkEye, has a secret backdoor in the code that ends up in every derivative copy and variant of these malware families. The backdoor sends copies of victims' exfiltrated data gathered by other threat actors to a private Telegram chat monitored by the builder’s developers. While this untrustworthy behavior is nothing new in the world of cybercrime, the victims' data end up in the hands of multiple threat actors, increasing the risks of one or more large scale attacks to follow.

Key Points

• Prynt Stealer is an information stealer that has the ability to capture credentials that are stored on a compromised system including web browsers, VPN/FTP clients, as well as messaging and gaming applications
• The Prynt Stealer developer based the malware code on open source projects including AsyncRAT and StormKitty
• Prynt Stealer uses Telegram to exfiltrate data that is stolen from victims
• The Prynt Stealer malware author added a backdoor Telegram channel to collect the information stolen by other criminals
• The informational stealer malware families known as DarkEye and WorldWind are near identical to Prynt Stealer

https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed

Mothar fockars

haha, somehow I am not really surprised

waduh