Researchers have spotted a new threat group, dubbed PureCoder, selling multiple malware, including miners, information stealers, and crypters, on the dark web. These malware are used by multiple threat actors for their campaigns.

Spread of PureLogs/PureCrypt

The two most impactful malware promoted and sold by PureCoder includes PureLogs and PureCrypt. The attackers have posted details of these malware in a cybercrime forum to draw the attention of customers.
  • PureLogs: A malicious DotNET program designed to steal data from browsers, crypto wallets, and various other applications. Attackers are selling this at $99 for a one-year subscription.
  • PureCrypter: Spreads multiple RATs and stealers. It is being sold for $59 for a one-month subscription and $245 for a lifetime subscription.

Use by other threat groups

Recently, Italian cyber security agency TG Soft identified that the PureLogs information stealer was used by Alibaba2044 threat actors to launch a spam campaign aimed at Italian targets. 
  • The attacker used a spam email with a link to download a password-protected zip file.
  • The email carried a cabinet file pretending to be a batch file, holding a malicious executable and the password to open the file.
  • Once a targeted user opens the batch file, the malware (PureLogs stealer) starts executing on their system.

Multiple tools on offer

The PureCoder group is offering several additional malicious software programs along with PureLogs and PureCrypter, including the following:
  • PureMiner: The tool is offered at the price tag of $99 for one year of access and $199 for lifetime access. It operates as a hidden stealth silent miner.
  • BlueLoader: The BlueLoader botnet manages a sizable quantity of bots, and is being sold at a price tag of $99 for one year, and $199 for a lifetime.
  • PureHVNC: A hidden stealth VNC to control systems and sold for one-year uses at a $99 price.


The easy availability of such malicious tools at affordable prices is a serious concern to users. As a precaution, users should stay away from opening untrusted links and email attachments. Additionally, use reliable anti-malware and Internet security software.
Cyware Publisher