PrivateLoader is delivered through a network of websites that claim to provide “cracked” software, which is modified versions of popular legitimate applications that people commonly use.
These websites are SEO optimized and usually appear at the top of search queries that contain keywords such as “crack” or “crack download” preceded by the software name.
Visitors are lured into clicking a “Download Crack” or “Download Now” button to obtain an allegedly cracked version of the software.
The JavaScript for the download button is retrieved from a remote server.
After a few redirections, the final payload is served to the user as a password-protected compressed (.zip) archive which contains one of the malware payloads mentioned above.
Sign Up For Threat Alerts
Aug 04, 2022
Google Drive And Dropbox Used By APT29...
Cloaked Ursa (aka: APT29) has been targeting governmental entities in several countries with spear-phishing campaigns...
Aug 03, 2022
Manjusaka: A Chinese sibling of Sliver and...
Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild...
Aug 03, 2022
macOS Targeted With The CloudMensis Multi-Staged Malware
ESET researchers discovered a previously unknown macOS backdoor that spies on users of the compromised...
Aug 01, 2022
Attackers Target Ukraine With GoMet Backdoor
Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage...
Jul 31, 2022
Untangling KNOTWEED: European private-sector offensive actor using...
The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) found a...
Jul 31, 2022
Untangling KNOTWEED: European private-sector offensive actor using...
The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) found a...
Jul 26, 2022
EvilNum Targets Cryptocurrency, Forex, Commodities
Proofpoint Threat Research observed the group Proofpoint calls TA4563 targeting various European financial and investment...
Jul 25, 2022
Lightning Framework: New Undetected “Swiss Army Knife”...
Lightning is a previously undocumented and undetected Linux threat. Lightning is a modular framework we...
Jul 24, 2022
Redeemer Ransomware
Redeemer 2.0 Being Distributed Via Affiliate Program Cyble Research Labs has constantly been tracking emerging...
Jul 21, 2022
Cobalt Strikes again: UAC-0056 continues to target...
The Malwarebytes Threat Intelligence team recently reviewed a series of cyber attacks against Ukraine that...
Jul 20, 2022
Trello From the Other Side: APT29 Phishing...
Beginning mid-January 2022, Mandiant detected and responded to an APT29 phishing campaign targeting a diplomatic...
Jul 18, 2022
New OrBit Linux Malware That Hijacks Execution...
New and entirely undetected Linux threat dubbed OrBit, signally a growing trend of malware attacks...
Jul 18, 2022
North Korean threat actor targets small and...
A group of actors originating from North Korea that Microsoft Threat Intelligence Center (MSTIC) tracks...
Jul 13, 2022
ChromeLoader – New Stubborn Malware Campaign
A new browser hijacker/adware campaign named ChromeLoader (also known as Choziosi Loader and ChromeBack) was...
Jul 13, 2022
Raspberry Robin Worm Abuses Windows Installer and...
The Cybereason team is investigating a series of recent infections with the Raspberry Robin campaign,...