Prynt Stealer Backdoor Steals Data from Other Hackers’ Victims

The new Prynt Stealer backdoor, which uses a Telegram channel for its operations, has caught the attention of cybersecurity researchers due to its unique features. The malware has been updated so that it also steals the user data that the cybercriminals who purchased it have already stolen from their victims.

According to a report from Zscaler ThreatLabz, this is not a new technique, but it is particularly dangerous because it allows multiple cybercriminal groups to access the same stolen user data.

What Is Prynt Stealer?

Prynt Stealer first appeared in April 2022. This backdoor, which includes keylogger functionality and clipboard monitoring, is available for $100 per month or a lifetime license for $900. The malware can extract information from browsers, Discord, and Telegram, as well as record keystrokes on the victim’s keyboard.

Recent code analysis revealed that Prynt Stealer borrows heavily from two other malware families: AsyncRAT and StormKitty. To collect data stolen by other cybercriminals, Prynt Stealer uses a dedicated Telegram channel.

Advanced Evasion Techniques

The backdoor also includes features that make it harder to analyze. For example, it monitors the list of running processes on the victim’s computer, looking for “taskmgr,” “netstat,” and “wireshark.” If any of these processes is detected, Prynt Stealer blocks its communication with the Telegram channel to avoid detection.
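A hunting heuristic for the behaviour described above, as an added example that is not taken from the Zscaler report or from the malware: it flags a process whose Telegram traffic stops exactly while one of the three named tools is running on the same host. The event layout, the `api.telegram.org` hostname, the allow-listed `telegram.exe` image name and every sample event are assumptions constructed for illustration.

```python
from collections import defaultdict

WATCHED = {"taskmgr", "netstat", "wireshark"}  # process names listed in the article
TELEGRAM_HOSTS = {"api.telegram.org"}          # assumption: Telegram Bot API endpoint
ALLOWED = {"telegram.exe"}                     # assumption: legitimate client image name

# Constructed sample telemetry: (epoch seconds, host, event, image, destination)
EVENTS = [
    (100, "ws01", "net", "svchost_update.exe", "api.telegram.org"),
    (160, "ws01", "net", "svchost_update.exe", "api.telegram.org"),
    (200, "ws01", "start", "Wireshark.exe", None),
    (500, "ws01", "stop", "Wireshark.exe", None),
    (560, "ws01", "net", "svchost_update.exe", "api.telegram.org"),
    (620, "ws01", "net", "svchost_update.exe", "api.telegram.org"),
    (100, "ws02", "net", "Telegram.exe", "api.telegram.org"),
    (150, "ws03", "net", "notifier.exe", "api.telegram.org"),
    (200, "ws03", "start", "Taskmgr.exe", None),
    (230, "ws03", "net", "notifier.exe", "api.telegram.org"),
    (300, "ws03", "stop", "Taskmgr.exe", None),
    (350, "ws03", "net", "notifier.exe", "api.telegram.org"),
]

def stem(image):
    """Lower-case image name without its extension, e.g. 'Taskmgr.exe' -> 'taskmgr'."""
    return image.lower().rsplit(".", 1)[0]

def analyse(events):
    windows = defaultdict(list)  # host -> [(start, stop)] of watched tools
    open_at = {}                 # (host, image) -> start time of a still-running tool
    conns = defaultdict(list)    # (host, image) -> timestamps of Telegram connections
    for ts, host, kind, image, dest in sorted(events, key=lambda e: e[0]):
        if kind == "net":
            if dest in TELEGRAM_HOSTS and image.lower() not in ALLOWED:
                conns[(host, image)].append(ts)
        elif stem(image) in WATCHED:
            if kind == "start":
                open_at[(host, image)] = ts
            elif (host, image) in open_at:  # tools that never stop are ignored
                windows[host].append((open_at.pop((host, image)), ts))
    findings = {}
    for (host, image), times in conns.items():
        # Only windows bracketed by traffic before and after can show a pause.
        spanned = [w for w in windows[host] if times[0] < w[0] and w[1] < times[-1]]
        inside = sum(any(a <= t <= b for a, b in spanned) for t in times)
        paused = bool(spanned) and inside == 0
        findings[(host, image)] = ("telegram-traffic-pauses-under-monitoring"
                                   if paused else "unexpected-telegram-client")
    return findings
```

Because the traffic stops while these tools run on the host, the connection events should come from a source the malware does not check for, such as proxy, DNS or EDR telemetry.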

Variants and Source Code Leaks

Researchers at Zscaler note, “There are hacked and leaked versions of Prynt Stealer. We have identified two variants, named WorldWind and DarkEye. The availability of source code for several malware families has made it easier for less skilled attackers to use these threats.”

The creators of Prynt Stealer have gone even further by adding functionality that allows the backdoor to intercept user data stolen by hackers who have purchased the malware.
