Researchers have discovered a new infostealer on cybercrime forums, which has several capabilities. It can steal victims’ data and perform financial thefts with the help of clippers and keylogging.

Prynt Stealer

Researchers from Cyble have discovered Prynt Stealer in the wild and provided a detailed analysis. Such stealers are usually used by threat actors to penetrate corporate networks.
  • The developer of the stealer claims the recent version of the stealer is undetectable. 
  •  spotted a few stealer logs for free on Telegram channels.
  • The stealer targets more than thirty Chromium-based browsers, five Firefox-based browsers, and various FTP, VPN, gaming, and messaging apps.
  • Additionally, the stealer targets multiple crypto wallets, including Armory, Ethereum, Jaxx, Guarda, and Zcash.

Use of modules

Researchers have found specific modules in the sample that are not run by the stealer, including the keylogger, anti-analysis, and clipper. 
  • The attackers have provided a builder for this stealer, which can be customized to control these additional functionalities. 
  • For example, the anti-analysis features work via hardcoded strings in malware, along with other processes.
  • The clipper is used to store crypto addresses and keylogging for hardcoded certain applications.
  • The stolen data from the keylogging module is stored in the logs\keylogger folder.

Conclusion

Prynt stealer has a lot of capabilities and is becoming popular in cybercrime marketplaces. Users are suggested to use a strong password with 2FA, avoid third-party download sources, and reliable anti-malware solutions.
Cyware Publisher

Publisher

Cyware