
The new RisePro malware variant worries experts


Thanks to the work of researchers at ANY.RUN, a company that offers sandbox analysis services, a new variant of the RisePro malware has been observed.

This new version of the malware features a reworked communication protocol and remote access capabilities, which make it even more difficult to counter. Not only that: RisePro can boast two different attack modes, one in C# and one in C++.

The “new” malware uses a custom protocol over TCP for communication, setting aside the previous strategy that was based on HTTP. RisePro has also received a major upgrade when it comes to data exfiltration.

The new variant has a much wider reach: depending on the case, it can steal passwords, browser history and documents of various types, as well as other information such as the user's IP address and the specifications of the infected computer. Once it has what it was looking for, the malware creates a ZIP archive with the stolen data and sends it to whoever manages the campaign.

The “new” RisePro changes communication protocol (and more)

RisePro has been enriched with an optional feature that gives attackers remote control via Hidden Virtual Network Computing (HVNC). This means that, if the cybercriminal intends to do so, they can take total control of the victim’s device.

While the research has allowed the developers at ANY.RUN to update their sandbox detection techniques, the evolution of the malware can only worry experts and potential victims.

For ordinary users, all that remains is to stay alert. An adequate antivirus, combined with caution when downloading suspicious email attachments, is an excellent basis for avoiding unpleasant encounters with RisePro and other similar threats.
