Malware families using Pay-Per-Install service to expand targets

The PrivateLoader is a Pay-Per-Install malware (PPI) that delivers a wide variety of malware. Including Vidar, Raccoon, Redline, Smokeloader, Danabot, GCleaner, Discoloader, and others, according to Intel 471.

The dangerous PPI malware service isn’t new. Yet authorities haven’t managed to pinpoint who exactly is behind its development. Malicious hackers/threat actors use loaders to send extra payloads to targeted machines.

Cybercriminals use PrivateLoader on an installation basis. The payment for the payload is based on the number of victims that were infected with malware.

The Malware is Shared Through Cracked Software Updates

The PrivateLoader uses C2 (a set of command-and-control servers). And an administrator panel that carries AdminLTE3. It is among the most trendy malware loaders on the web. And the loader is installed and deployed by hackers more than ever.

Cracked software websites distribute malware. These illegal forms of updates are tampered with to avoid licensing or payment. Though the thought of getting software or licensing for free is appealing to many, they should abstain from it.

The cybersecurity firm Intel 471 discovered various malicious executable exe. files. Once installed on a users’ PC, various malware such as PrivateLoader, GCleaner, or Redline load reseller.

The most popular distributed malware appears

Read More: