Gandalf_The_Grey
Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,255
A crypter (alternatively spelled cryptor) malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016.
Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per month.
Some of the prominent malware families contained within AceCryptor are SmokeLoader, RedLine Stealer, RanumBot, Raccoon Stealer, Stop ransomware, and Amadey, among others.
The countries with the most detections include Peru, Egypt, Thailand, Indonesia, Turkey, Brazil, Mexico, South Africa, Poland, and India.
AceCryptor was first highlighted by Avast in August 2022, detailing the use of the malware to distribute Stop ransomware and RedLine Stealer on Discord in the form of 7-Zip files.
Crypters are similar to packers, but instead of using compression, they are known to obfuscate the malware code with encryption to make detection and reverse engineering a lot more challenging.
They are also indicative of a trend where malware authors advertise such capabilities for other threat actors, less technically sophisticated or otherwise, who are looking to armor their creations.
"Even though threat actors can create and maintain their own custom cryptors, for crimeware threat actors it often may be a time-consuming or technically difficult task to maintain their cryptor in a so-called FUD (fully undetectable) state," ESET researcher Jakub Kaloč said.
"Demand for such protection has created multiple crypter-as–a-service (CaaS) options that pack malware."
AceCryptor-packed malware is delivered via trojanized installers of pirated software, spam emails bearing malicious attachments, or other malware that has already compromised a host.
It's also suspected to be sold as a CaaS, owing to the fact that it's used by multiple threat actors to propagate a diverse range of malware families.
AceCryptor: Cybercriminals' Powerful Weapon, Detected in 240K+ Attacks
AceCryptor: the crypter malware that packs a punch! Since 2016, it's been hiding numerous strains of malware under its cloak
thehackernews.com