Prynt Stealer Source Code Shared over Cybercrime Forum

Summary

Prynt Stealer operates in stealth mode to steal sensitive data and credentials from victims' systems, browsers and crypto wallets.

Category: Malware Intelligence
Type/Family: Information Stealer
Industry: Multiple
Region: Global

Executive Summary

Threat
  • Prynt Stealer operates in stealth mode to steal sensitive data and credentials from victims' systems, browsers and crypto wallets.

Impact
  • Sensitive data and credentials can be harvested.
  • Harvested data could be used for carrying out financial fraud.

Mitigation
  • Implement MFA using offline token generators.
  • Implement a multi-signature approach for funds held on wallets.

Analysis and Attribution

Information from the Post

  • On 15 August 2022, CloudSEK’s contextual AI digital risk platform XVigil discovered a threat actor sharing a GitHub link to the source code of the Prynt Stealer.
  • Instructions for creating a Telegram bot for use with Prynt Stealer have also been shared.
  • The Prynt stealer is available on the marketplace at a price of USD 100 per month.
Threat actor’s post on the cybercrime forum

Features of the Malware

Delivery Mechanism

  • It can be delivered via infected email attachments, malicious download links or files, online advertisements, and many other ways.

Functionality

  • Prynt Stealer's functionality allows it to run in stealth mode and steal sensitive information from the system.
  • The following information can be collected using Prynt stealer:
    • Passwords, cookies, auto-fills, bookmarks, history, and credit cards.
    • System and hardware information.
    • Information from mail clients, FTP clients, etc.
    • Credentials from browser-based crypto wallets.
    • Clipper and Keyloggers.
    • Credentials and logs from VPNs.
  • The stealer has a built-in Prynt Crypter and a file spoofer which can spoof any file extension and track victims.
  • It also offers a Crypto-Malware which can be used to send or receive victims’ cryptocurrency.

Working

  • The stealer deletes the server, allowing it to go into stealth mode and making it difficult to find.
  • It has a Microsoft Excel exploit built in, along with a file pumper that pads the file to a chosen size in KB, MB or GB.
  • After buying the stealer, the buyer needs to go to Telegram and create a bot using @BotFather.
  • Once the bot is created, a Telegram HTTP API token is received, which is to be used in the builder of Prynt Stealer.
  • Next, the buyer needs to get a chat id from @id_chatbot and put the number into the builder.
  • Once all the above steps are done, the stealer is ready to be delivered to the victims' machines.
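Because the builder is configured with a Telegram bot token and chat id, collected data most likely leaves the host as requests to the Telegram Bot API. The following is an added detection example, not code from the report or from the stealer: it scans constructed proxy log lines for Bot API calls that push files or text to a chat, and redacts the token secret before reporting. The log format, the token shape and the set of flagged methods are assumptions.

```python
import re
from typing import Dict, List

# Constructed proxy log lines (not from the report); assumed format:
# "<timestamp> host=<name> method=<verb> url=<url> bytes_out=<n>"
SAMPLE_LOGS = [
    "2022-08-15T10:01:02Z host=WS-042 method=POST "
    "url=https://api.telegram.org/bot1234567890:AAHplaceholderSecretPart/sendDocument bytes_out=48213",
    "2022-08-15T10:01:05Z host=WS-042 method=GET url=https://www.example.com/index.html bytes_out=120",
    "2022-08-15T10:02:11Z host=WS-017 method=POST "
    "url=https://api.telegram.org/bot1234567890:AAHplaceholderSecretPart/sendMessage?chat_id=987654321 bytes_out=312",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")
# Bot API requests carry the token in the path: /bot<bot_id>:<secret>/<method>[?query]
BOT_API_RE = re.compile(
    r"https://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)"
    r"/(?P<method>\w+)(?:\?(?P<query>\S*))?"
)
# Bot API methods that push files or text into the operator's chat (assumed set)
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}


def parse_line(line: str) -> Dict[str, str]:
    """Split a log line into its key=value fields, keeping the leading timestamp as 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(FIELD_RE.findall(rest))
    fields["ts"] = ts
    return fields


def detect_telegram_bot_exfil(lines: List[str]) -> List[Dict[str, object]]:
    """One finding per request to an exfil-capable Bot API method; the token secret is redacted."""
    findings = []
    for line in lines:
        f = parse_line(line)
        m = BOT_API_RE.search(f.get("url", ""))
        if not m or m.group("method") not in EXFIL_METHODS:
            continue
        # chat_id is visible only when sent in the query string; for sendDocument it
        # normally travels in the multipart body, so a missing value is expected.
        chat_id = None
        if m.group("query"):
            params = dict(p.split("=", 1) for p in m.group("query").split("&") if "=" in p)
            chat_id = params.get("chat_id")
        findings.append({
            "ts": f["ts"], "host": f.get("host", "?"), "method": m.group("method"),
            "bot_id": m.group("bot_id"),  # safe to put in a ticket; the secret half is masked
            "token_redacted": f"{m.group('bot_id')}:{'*' * len(m.group('secret'))}",
            "chat_id": chat_id, "bytes_out": int(f.get("bytes_out", "0")),
        })
    return findings
```

Repeated sendDocument calls with large bytes_out from a workstation that has no business use for Telegram bots are the signal worth alerting on; a single sendMessage may be benign automation.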

Services Targeted by the Stealer

Affected programs, extensions and applications, by category:

  • Browsers: Chrome, Opera, Yandex, Brave, Amigo, CocCoc, Privacy, Edge, Comodo, CoolNovo, SRWare, Cent, Elements, Kometa, Iron, Torch, Iridium, 7Star, Chedot, Epic, Orbitum, itrio, Sputnik, Vivaldi, Coowon, Liebao, Sleipnir 6, QIP Surf
  • Crypto wallets: Metamask, Armory, Atomic Wallet, Bitcoin Core, Bytecoin, Jaxx, Litecoin Core, Monero, Zcash, Dash Core, Dogecoin, Electrum, Ethereum, Exodus
  • Documents: pdf, rtf, doc, docx, indd, json, xlsx, ppt, pptx, txt, xls
  • Databases: db, kdb, sqlite, dsk, db4, mdb, db3, kdbx, mdf, dbf, sql, ini
  • Source code: c, cs, cpp, asm, css, go, sh, py, pyw, html, php, js, rb, pl, swift, java, kt, ino
  • Images: jpeg, jpg, png, bmp, svg, psd
  • VPN: NordVPN, OpenVPN, ProtonVPN
  • Messengers: Discord, Telegram, Pidgin
  • Gaming applications: Steam, Minecraft, Uplay

Impact & Mitigation

Impact
  • The stealer can harvest credentials and sensitive data from crypto wallets, which are primarily browser-based.
  • The stolen data can be used to commit financial fraud and to further target the victims.

Mitigation
  • Implement multi-factor authentication using an offline token generator such as Google Authenticator.
  • Implement a multi-signature approach for funds held on wallets.

Appendix

Prynt stealer available for USD 100

Telegram bot used to create a bot