PonyForx is a fork of the more popular Pony infostealer
A crook named Cronbot is currently selling a new malware variant on Russian underground hacking forums that appears to be a successful fork of an older and very advanced infostealer called Pony.
Named Fox but currently identified by researchers as PonyForx or Fox Stealer, this new malware is currently at v1.0 and has been up for sale since around August 11 this year.
Its author says this is a fork of the Pony infostealer, with added support for other applications from which PonyForx can extract information and login credentials.
Pony, also known as Fareit, is an old, reputable (among crooks), and reliable information-stealing malware that can get passwords and all sorts of data from a wide range of applications, from browsers to email clients, and from FTP applications to Bitcoin wallets.
Cronbot says PonyForx is Pony updated "for 2016," with updated support for today's most popular apps. The crook is offering his malware for rent as an EXE or DLL file for $250 per month. Although he is adamant that he is not selling access to the PonyForx source code, he lists a price of $2,000 for it.
PonyForx deployed in live attacks
Security researcher Kaffeine, who spotted the ad, says PonyForx has been used in live attacks.
The researcher discovered a campaign in September that was using the Neutrino exploit kit to deliver the Godzilla malware loader to users. In turn, Godzilla would download the PonyForx infostealer, and after it was done, it would deliver the Locky ransomware.
Below is Cronbot's ad, translated to English via Google Translate, followed by its original Russian form.
Read more: http://news.softpedia.com/news/new-...ian-hacking-forums-508661.shtml#ixzz4LOGM1lPx