Researchers Trace ManticoraLoader Malware Back to Ares Developer

Published:

spot_img

Tracking the Rise of ManticoraLoader Malware: A Closer Look at the Latest MaaS Threat

A new malware-as-a-service (MaaS) called ManticoraLoader has emerged on the cybercriminal scene, being distributed by the alias ‘DarkBLUP’ on the XSS forum. This alias was previously associated with distributing malware from the DeadXInject group, including the AresLoader malware and AiDLocker ransomware.

Offered on DeadXInject’s Telegram channel since August 8, 2024, ManticoraLoader is a versatile and potent tool for cybercriminal operations. Compatible with Windows 7 and later versions, including Windows Server, this malware variant can target a wide range of systems still in use today.

One of the key features of ManticoraLoader is its ability to gather extensive information from infected devices, such as IP address, username, system language, installed antivirus software, UUID, and date-time stamps. This data is then sent back to a centralized control panel, allowing threat actors to profile victims and customize their attacks.

The loader’s modular design enables easy extension of functionalities upon request, making it adaptable to various malicious objectives. It also employs sophisticated obfuscation techniques to evade detection, with a reported detection rate of 0/39 on Kleenscan.

The threat actors behind ManticoraLoader have implemented a strict transaction process, limiting clients to 10 and offering the service through the forum’s escrow service or direct contact via Telegram or TOX. Priced at $500 per month, this MaaS is designed to generate a steady stream of revenue for cybercriminals.

While the researchers are unsure why DarkBLUP remained inactive for over a year, they suggest that the group is expanding their arsenal with ManticoraLoader to diversify their offerings and increase monetization. As AresLoader continues to be widely used, it appears that the group is not abandoning their previous projects but rather evolving their malicious activities.

spot_img

Related articles

Recent articles

Cyber Attack Delays Victoria’s Secret Earnings Release

Victoria's Secret Delays Earnings Release Due to Cyber Attack Victoria's Secret, the well-known lingerie and fashion brand, has announced a delay in its financial results...

Transforming Care Excellence: The Heart of KFSHRC’s Command Center

Transforming Healthcare Efficiency at King Faisal Specialist Hospital Capacity Command Center: A Technological Leap The King Faisal Specialist Hospital & Research Centre (KFSHRC) is at the...

PathWiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack

New Threats to Ukrainian Critical Infrastructure: The Emergence of PathWiper Malware In a significant escalation in the ongoing cyber conflict, researchers from Cisco Talos have...

Unveiling the Dark Web Dealer Linked to Ross Ulbricht’s $31 Million Bitcoin Gift

Bitcoin Donation to Ross Ulbricht: A Closer Look Overview of the Donation Last weekend, Ross Ulbricht made headlines when he received an astonishing Bitcoin donation valued...