Researchers have found a new infostealer on cybercrime forums having innumerable features. It can not only pilfer victims’ data but also execute financial thefts using clippers and keylogging.

Researchers from Cyble have tracked Prynt Stealer in the wild and analysed it comprehensively.  Threat actors use Infostealer like Prynt Stealer to infiltrate corporate networks. 

  • The stealer’s developer asserts that the recent stealer version is untraceable. 
  • Spotted some stealer logs for free on Telegram channels
  • The stealer picks out more than thirty Chromium-based browsers, five FireFox-based browsers, and various FTP, VPN, gaming, and messaging apps. 
  • Besides, the stealer targets several crypto wallets, including Armory, Ethereum, Jaxx, Garuda, and Zcash. 

Use of Modules

Researchers have identified modules in the sample that are not operated by the stealer, including the keylogger, anti-analysis, and clipper.

  • The attackers have designed a builder for this stealer, which can change to control these extra features
  • For example, the anti-analysis functions through hardcoded strings in malware, along with other processes.
  • The clipper can store crypto addresses and keylogging for hardcoded  certain applications
  • The stolen data from the keylogging module is placed in the logs/keylogger folder.

Prynt stealer has several features and has become a favourite with attackers. Users must use strong passwords, have 2FA enabled and circumvent third-party download sources.