New Variant of RisePro Malware: Enhanced Communication Protocol and Remote Access Capabilities

DUBAI, UNITED ARAB EMIRATES, November 28, 2023 /EINPresswire.com/ — Researchers at ANY.RUN, a leading malware sandbox provider, have analyzed a new variant of the RisePro malware that features a significantly overhauled communication protocol and remote access capabilities. The malware, which has two versions written in C# and C++, has been observed targeting victims worldwide.

Key Findings

• The new variant employs a custom protocol over TCP for communication, marking a departure from the previous HTTP-based method.

• The malware has expanded data exfiltration capabilities, now stealing passwords, browsing history, and sensitive documents from a broader range of applications.

• The malware collects information about the user's IP address, locale, system details, and other computer specifications.

• The malware exfiltrates stolen data in a .zip archive named with the country code, IP address, and .zip extension.

π“π‘πž π”π¬πž 𝐨𝐟 𝐇𝐕𝐍𝐂

The malware optionally deploys remote control functionality via Hidden Virtual Network Computing (HVNC), allowing attackers to take complete control of infected systems.

πƒπžπ­πžπœπ­π’π¨π§ 𝐨𝐟 𝐭𝐑𝐞 𝐧𝐞𝐰 π‘π’π¬πžππ«π¨ 𝐯𝐚𝐫𝐒𝐚𝐧𝐭

The analysis results enabled the team to update the detection capabilities of the ANY.RUN sandbox to identify any malicious files or links related to RisePro attacks.

Learn more in ANY.RUN's blog

Vlada Belousova
ANYRUN FZCO
2027889264