PrivateLoader analysis introduction
PrivateLoader is a malicious loader family, written in C++ and first discovered in early 2021.
It is known for distributing a wide range of malware, from simple information stealers to complex rootkits and spyware, utilizing payloads.
The distribution of this type of malware is managed by the Pay-Per-Install (PPI) service, a popular tool within the cybercriminal ecosystem that generates revenue by adding payloads to malware.
- The code itself involves the decryption of loaded libraries.
- At present, there are two versions of PrivateLoader available: one protected by VMProtect, and a regular version.
- Every day, between 2 and 4 samples of this malware are uploaded.