Pay to play PrivateLoader spreads Smokeloader, Redline, Vidar malware

An examination of a pay-per-install loader has highlighted its place in the deployment of popular malware strains including Smokeloader and Vidar.

On Tuesday, Intel 471 published a report into PrivateLoader that examines cyberattacks making use of the loader since May 2021. The pay-per-install (PPI) malware service has been in the cybercrime field for a time, but it is not known who is behind the malware’s development.

Loaders are used to deploy additional payloads on a target machine. PrivateLoader is a variant that is offered to criminal customers on an installation basis, in which payment is made based on how many victims they manage to secure. 

PrivateLoader is controlled through a set of command-and-control (C2) servers and an administrator panel designed with AdminLTE 3.

Intel 471

The front-end panel offers functions including adding new users, configuration options to select a payload to install through the loader, target selection for locations and countries, the setup of payload download links, encryption, and selecting browser extensions for compromising target machines. 

Distribution of the loader is primarily through cracked software websites. Cracked versions of popular software, sometimes bundled with key generators, are illegal forms of software tampered with to circumvent licensing or payment. 

Download buttons for

Read More: