Researchers Trace ManticoraLoader Malware Back to Ares Developer

Published:

spot_img

Tracking the Rise of ManticoraLoader Malware: A Closer Look at the Latest MaaS Threat

A new malware-as-a-service (MaaS) called ManticoraLoader has emerged on the cybercriminal scene, being distributed by the alias ‘DarkBLUP’ on the XSS forum. This alias was previously associated with distributing malware from the DeadXInject group, including the AresLoader malware and AiDLocker ransomware.

Offered on DeadXInject’s Telegram channel since August 8, 2024, ManticoraLoader is a versatile and potent tool for cybercriminal operations. Compatible with Windows 7 and later versions, including Windows Server, this malware variant can target a wide range of systems still in use today.

One of the key features of ManticoraLoader is its ability to gather extensive information from infected devices, such as IP address, username, system language, installed antivirus software, UUID, and date-time stamps. This data is then sent back to a centralized control panel, allowing threat actors to profile victims and customize their attacks.

The loader’s modular design enables easy extension of functionalities upon request, making it adaptable to various malicious objectives. It also employs sophisticated obfuscation techniques to evade detection, with a reported detection rate of 0/39 on Kleenscan.

The threat actors behind ManticoraLoader have implemented a strict transaction process, limiting clients to 10 and offering the service through the forum’s escrow service or direct contact via Telegram or TOX. Priced at $500 per month, this MaaS is designed to generate a steady stream of revenue for cybercriminals.

While the researchers are unsure why DarkBLUP remained inactive for over a year, they suggest that the group is expanding their arsenal with ManticoraLoader to diversify their offerings and increase monetization. As AresLoader continues to be widely used, it appears that the group is not abandoning their previous projects but rather evolving their malicious activities.

spot_img

Related articles

Recent articles

Taiwan Strengthens Crisis Response with Realistic Drills Amid Rising Chinese Threats

Taiwan Strengthens Crisis Response with Realistic Drills Amid Rising Chinese Threats In a significant move to bolster its national security, Taiwan recently conducted a comprehensive...

Ahlibank Publishes Inaugural ESG Report, Strengthening Climate-Risk Management and Sustainability Efforts

Ahlibank Publishes Inaugural ESG Report, Strengthening Climate-Risk Management and Sustainability Efforts Doha, Qatar – Ahlibank Q.P.S.C. has unveiled its first standalone Environmental, Social, and Governance...

Four Arrested in Assam’s Hailakandi for Cyber Fraud Tied to Chinese Betting Syndicate

Four Arrested in Assam's Hailakandi for Cyber Fraud Tied to Chinese Betting Syndicate In a significant crackdown on cybercrime, Hailakandi Police in Assam have apprehended...

Arista Properties Strengthens UAE’s Future with Groundbreaking of HQ Development

Arista Properties Strengthens UAE's Future with Groundbreaking of HQ Development Dubai, UAE – Arista Properties has officially commenced construction on its flagship commercial project, HQ,...