Researchers Trace ManticoraLoader Malware Back to Ares Developer

Published:

spot_img

Tracking the Rise of ManticoraLoader Malware: A Closer Look at the Latest MaaS Threat

A new malware-as-a-service (MaaS) called ManticoraLoader has emerged on the cybercriminal scene, being distributed by the alias ‘DarkBLUP’ on the XSS forum. This alias was previously associated with distributing malware from the DeadXInject group, including the AresLoader malware and AiDLocker ransomware.

Offered on DeadXInject’s Telegram channel since August 8, 2024, ManticoraLoader is a versatile and potent tool for cybercriminal operations. Compatible with Windows 7 and later versions, including Windows Server, this malware variant can target a wide range of systems still in use today.

One of the key features of ManticoraLoader is its ability to gather extensive information from infected devices, such as IP address, username, system language, installed antivirus software, UUID, and date-time stamps. This data is then sent back to a centralized control panel, allowing threat actors to profile victims and customize their attacks.

The loader’s modular design enables easy extension of functionalities upon request, making it adaptable to various malicious objectives. It also employs sophisticated obfuscation techniques to evade detection, with a reported detection rate of 0/39 on Kleenscan.

The threat actors behind ManticoraLoader have implemented a strict transaction process, limiting clients to 10 and offering the service through the forum’s escrow service or direct contact via Telegram or TOX. Priced at $500 per month, this MaaS is designed to generate a steady stream of revenue for cybercriminals.

While the researchers are unsure why DarkBLUP remained inactive for over a year, they suggest that the group is expanding their arsenal with ManticoraLoader to diversify their offerings and increase monetization. As AresLoader continues to be widely used, it appears that the group is not abandoning their previous projects but rather evolving their malicious activities.

spot_img

Related articles

Recent articles

India and Indonesia Strengthen Defense Partnership with Landmark BrahMos and Astra Missile Agreements

India and Indonesia Strengthen Defense Partnership with Landmark BrahMos and Astra Missile Agreements India and Indonesia have solidified a significant defense partnership during Prime Minister...

Ajman Unveils $490 Million AM30x30 Agenda to Strengthen Urban Infrastructure and Community Wellbeing

Ajman Unveils $490 Million AM30x30 Agenda to Strengthen Urban Infrastructure and Community Wellbeing Ajman Municipality has officially launched the AM30x30 agenda, a comprehensive initiative encompassing...

Sandisk Advances All-Flash Strategy to Support UAE’s Digital Transformation, Says Ghassan Azzi

Sandisk Advances All-Flash Strategy to Support UAE's Digital Transformation, Says Ghassan Azzi In the rapidly evolving landscape of digital technology, the United Arab Emirates (UAE)...

Tarah Wheeler: Cybersecurity Leader and CISO Strengthening Critical Infrastructure Through Social Science Insights

Tarah Wheeler: Cybersecurity Leader and CISO Strengthening Critical Infrastructure Through Social Science Insights Tarah Wheeler, currently serving as the Chief Information Security Officer (CISO) at...