Malware Families “Prynt” and “Saintstealer” are on a Stealing Spree
Table of Contents
- By Patrick Ryan
- May 11, 2022
The use of malware designed to steal computer users’ information, including login credentials and system information, is rising. In particular, digital security specialists are shining the spotlight on Saintstealer and Prynt malware that steals credentials.
How Do Prynt and Saintstealer Work?
After execution, the two malware families steal passwords, usernames, and credit card information. These forms of malware also steal information from a litany of locations throughout the entirety of the targeted system, compressing the data into a ZIP file that is protected by a password. The Saintstealer malware uses a NET-based 32-bit C# executable dubbed “saintgang.exe” to steal information. The malware is designed with checks for anti-analysis so that it can delete itself if operating in a virtual space or a sandbox.
Saintstealer steals a plethora of data, including cookies, autofill information, screen captures, passwords, and more. The malware steals information within Chromium browsers, including the likes of Brave, Edge, Opera, Chrome, Yandex, and Vivaldi. Additionally, the malware is advanced to the point that it can pluck tokens for multi-factor authentication directly from the popular Discord chat platform. Saintstealer can also steal files with .docx, .doc, and .txt extensions and extract data from Open VPN, Nord VPN, Telegram, VimeWorld, and more.
Once the information is stolen, it is copied to the hackers’ Telegram channel. The metadata is then exfiltrated to a C2 server, meaning command and control. The IP address tied to the C2 domain is connected to several stealer families ranging from EchelonStealer to Predator stealer, BloodyStealer, and Nixscare.
Information stealers are a threat to businesses as well as everyday computer users. If Saintstealer gains access to the target’s infrastructure, it has the potential to cause significant problems within the cyberinfrastructure.
What is Prynt Stealer All About?
Prynt Stealer has reared its ugly head, performing keylogging and stealing financial information with a clipper module. Prynt Stealer is advanced to the point that it can zero in on more than 30 Chromium browsers and half a dozen Firefox browsers and apps used for messaging, file sharing, and gaming. The malware is available to hackers for an ongoing subscription of $900.
Prynt Stealer zeroes in on web browsers and apps to compromise targets’ financial information. Prynt Stealer users can even use the malware’s internal builder to develop a specialized spin that is difficult to detect, ultimately empowering the hackers to covertly pluck data from targets. Prynt scans through the target’s drives, steal information by scanning for keywords on the hard drive related to banking, and plucks the targeted information.
Prynt Stealer is complex to the point that it can search a targeted computer’s hard drive to find digital wallets used to store cryptocurrency. The malware steals login credentials to access the e-wallet and steals the target’s cryptocurrency.
What Can Businesses and Everyday People Do to Avoid Prynt Stealer and Saintstealer?
Aside from implementing the latest digital security protections, it will also help if computer users at businesses and elsewhere remain mindful of the most common routes for transmitting malware. For example, it is unwise to click attachments or download files from unknown parties. Furthermore, using any form of torrent or cracked software also presents an opportunity for malware miscreants to wreak havoc.