DeadXInject, the group behind AresLoader and AiDLocker ransomware, is now offering ManticoraLoader, a new Malware-as-a-Service (MaaS) targeting Windows systems. Available on underground forums and Telegram since August 8th, 2024, this C-based tool is designed to steal information such as IP addresses, usernames, and installed antivirus software.
It extends beyond ransomware and Citrix exploits, providing a versatile tool for wider cybercriminal activities.
ManticoraLoader Malware
ManticoraLoader infects Windows systems from Windows 7 onward, including servers, collecting detailed data like IP address, username, system language, antivirus details, UUID, and timestamps.
The data is sent to a central control panel, enabling attackers to profile victims, tailor future attacks, and maintain control over compromised systems, making ManticoraLoader a powerful tool for sophisticated cyberattacks.
ManticoraLoader is designed for persistent access, automatically running at startup by placing files in auto-start locations.
Its modular structure allows easy adaptation for various malicious tasks, and it uses advanced techniques to avoid detection. Available for rent at USD 500 per month, the service operates under strict terms with a restricted client model. Its sophisticated evasion techniques, including zero detections on Kleenscan and bypassing 360 Total Security sandboxing, highlight its effectiveness and low risk of detection.
VirusTotal findings show that AresLoader is still a significant threat even with the rise of ManticoraLoader. This suggests that AresLoader’s ability to bypass security and deliver malicious payloads makes it highly valuable to cybercriminals.
According to Cyble, the continued presence of AresLoader underscores the need for strong security measures to defend against this and other advanced malware.TA DarkBLUP, known for AresLoader MaaS, has introduced a new loader, ManticoraLoader. While the launch appears aimed at monetization, the reason for their prior inactivity is still unclear.
Despite their similarities, the TA claims ManticoraLoader has advanced features, raising concerns about the difficulty in detecting stealer and botnet infections, much like with AresLoader.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment