Researchers Trace ManticoraLoader Malware Back to Ares Developer

Published:

spot_img

Tracking the Rise of ManticoraLoader Malware: A Closer Look at the Latest MaaS Threat

A new malware-as-a-service (MaaS) called ManticoraLoader has emerged on the cybercriminal scene, being distributed by the alias ‘DarkBLUP’ on the XSS forum. This alias was previously associated with distributing malware from the DeadXInject group, including the AresLoader malware and AiDLocker ransomware.

Offered on DeadXInject’s Telegram channel since August 8, 2024, ManticoraLoader is a versatile and potent tool for cybercriminal operations. Compatible with Windows 7 and later versions, including Windows Server, this malware variant can target a wide range of systems still in use today.

One of the key features of ManticoraLoader is its ability to gather extensive information from infected devices, such as IP address, username, system language, installed antivirus software, UUID, and date-time stamps. This data is then sent back to a centralized control panel, allowing threat actors to profile victims and customize their attacks.

The loader’s modular design enables easy extension of functionalities upon request, making it adaptable to various malicious objectives. It also employs sophisticated obfuscation techniques to evade detection, with a reported detection rate of 0/39 on Kleenscan.

The threat actors behind ManticoraLoader have implemented a strict transaction process, limiting clients to 10 and offering the service through the forum’s escrow service or direct contact via Telegram or TOX. Priced at $500 per month, this MaaS is designed to generate a steady stream of revenue for cybercriminals.

While the researchers are unsure why DarkBLUP remained inactive for over a year, they suggest that the group is expanding their arsenal with ManticoraLoader to diversify their offerings and increase monetization. As AresLoader continues to be widely used, it appears that the group is not abandoning their previous projects but rather evolving their malicious activities.

spot_img

Related articles

Recent articles

Unmasking Cybercrime Masterminds with AI

Exploring Dark Web Criminal Networks: An Automated Approach Understanding Dark Web Criminal Forums The dark web continues to be a treasure trove of information for threat...

Europol Breaks Up $540 Million Crypto Fraud Ring, Arrests Five Suspects

## Europol Takes Down Major Cryptocurrency Fraud Ring ### A Significant Crackdown On a recent Monday, Europol reported a notable victory against a large cryptocurrency investment...

HPE and Veeam Unveil Global Framework for Enhanced Data Resilience

HPE and Veeam Unveil Global Framework for Modern Data Resilience Posted at 09:58h in News by Britt Jones In...

U.S. Agencies Alert: Rising Iranian Cyberattacks Target Defense and Critical Infrastructure

Rising Cyber Threats: A Warning from U.S. Agencies on Iranian Attacks Date: June 30, 2025 Author: Ravie Lakshmanan Tags: Cyber Attack, Critical Infrastructure Introduction Cybersecurity and intelligence agencies in...