Risepro

Malware Profile Updated 9 days ago
RisePro is an information-stealing malware that was recently distributed in the "GitGub" campaign targeting GitHub users. The campaign delivers its payloads through downloads offered on various project web pages; on installation, those downloads infect the device with an infostealer chosen for its operating system, such as Atomic macOS Stealer (AMOS), Stealc, Rhadamanthys, or RisePro. Like other malware of this kind, RisePro reaches victims through suspicious downloads, emails, or websites, and once installed it can steal personal information, disrupt operations, or even hold data for ransom.

Researchers found that RisePro is used alongside other password stealers, including RedLine, a Golang-based stealer called Loli, and a Golang-based backdoor named TrueClient. The lures capitalize on the rising popularity of AI tools, and the operators' readiness to follow that trend shows a high level of sophistication and adaptability. A detailed analysis of the files hosted on the distribution website confirmed the presence of the RisePro stealer, and traces also pointed to another well-known malware family, Private Loader. The use of several malware families in a single campaign complicates mitigation. Users are urged to exercise caution when downloading files or interacting with unfamiliar websites, particularly those associated with AI tools.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Stealc | 4 | Stealc is a malicious software (malware) that specifically targets browser extensions and authenticators by password managers, growing in popularity on the dark web since its discovery in early 2023. It has been associated with significant cyber-attacks, such as the $7 million heist on the Solana bl
Vidar Stealer | 1 | Vidar Stealer is a form of malware, a malicious software designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold dat
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Exploit
Github
Infostealer
Payload
Loader
Antivirus
Android
Sandbox
Google
Telegram
Flashpoint
Vulnerability
Malware Loader
Trojan
Backdoor
Infiltration
Windows
Associated Malware
ID | Type | Votes | Profile Description
Privateloader | Unspecified | 3 | PrivateLoader is a notable malware that has been active since at least December 19, 2022. It acts as the first step in many malware schemes, often initiating an infection chain that leads to other malicious software. The malware can infiltrate systems through suspicious downloads, emails, or website
Vidar | Unspecified | 3 | Vidar is a Windows-based malware written in C++, derived from the Arkei stealer, which is designed to infiltrate and exploit computer systems. It has been used alongside other malware variants such as Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2,
Redline | Unspecified | 3 | RedLine is a notorious malware, discovered in March 2020, designed to exploit computer systems and steal sensitive personal information such as login credentials, cryptocurrency wallets, and financial data. It exports this stolen data to its command-and-control infrastructure. The malware has been u
Lumma | Unspecified | 1 | Lumma is a prominent malware, particularly known as an information stealer. It is delivered through various means, including suspicious downloads, emails, and websites. In one instance observed by Palo Alto Networks’ Unit 42, Lumma was sent over Latrodectus C2 in an infection chain. In another campa
Raccoon | Unspecified | 1 | Raccoon is a highly potent and cost-effective Malware-as-a-Service (MaaS) primarily sold on dark web forums, used extensively by Scattered Spider threat actors to pilfer sensitive data. As per the "eSentire Threat Intelligence Malware Analysis: Raccoon Stealer v2.0" report published on August 31, 20
Mars | Unspecified | 1 | Mars is a malicious software (malware) that has been discovered by Trend Micro's Mobile Application Reputation Service (MARS) team. This malware is particularly damaging as it involves two new Android malware families related to cryptocurrency mining and financially-motivated scam campaigns, targeti
Amos | Unspecified | 1 | AMOS is a malicious software (malware) that targets Mac systems, with the ability to steal passwords, personal files, and cryptocurrency wallet information. It was first identified as part of the ClearFake campaign, which aimed to spread the macOS AMOS information stealer. The malware can infect bot
Atomic Macos Stealer | Unspecified | 1 | The Atomic macOS Stealer (AMOS) is a powerful new malware that emerged in early 2023, targeting Apple users. It was discovered by Cyble Research and Intelligence Labs (CRIL) in April of the same year when it was advertised for sale on Telegram. AMOS can steal various types of information from infect
Lummac2 Stealer | Unspecified | 1 | LummaC2 Stealer is a prominent malware that has been increasingly utilized for initial access or information stealing over the past year. This malicious software, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or devices by
Xenomorph | Unspecified | 1 | Xenomorph, a notorious malware known for its damaging capabilities, has resurfaced after several months of inactivity. Malware, short for malicious software, is designed to exploit and damage computer systems or devices. It can infiltrate systems through dubious downloads, emails, or websites, often
Lummac2 | Unspecified | 1 | LummaC2 is a relatively new information-stealing malware, first discovered in 2022. The malicious software has been under active development, with researchers identifying LummaC2 4.0 as a dynamic malware strain in November 2023. It's been used by threat actors for initial access or data theft, often
Associated Threat Actors
ID | Type | Votes | Profile Description
White Snake | Unspecified | 2 | White Snake, a threat actor in the cybersecurity landscape, has been identified as an evolving and substantial threat to both Windows and Linux systems. Originating in February 2023, this malicious entity introduced the White Snake Stealer into the cybercrime scene, a formidable malware distributed
Medusa | Unspecified | 1 | Medusa, a threat actor group, has been identified as a rising menace in the cybersecurity landscape, with its ransomware activities escalating significantly. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability known as Citrix Bleed (CVE-2023
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the RisePro malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | 2 days ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 9 days ago | Security Affairs Malware Newsletter - Round 2
Recorded Future | 14 days ago | Cybercriminal Campaign Spreads Infostealers, Highlighting Risks to Web3 Gaming | Recorded Future
Securityaffairs | 16 days ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 23 days ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading | 2 months ago | AI Voice Generator App Used to Drop Gipy Malware
Securityaffairs | 3 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
CERT-EU | 10 months ago | Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted
CERT-EU | 10 months ago | Xenomorph Android malware now targets U.S. banks and crypto wallets
Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
CERT-EU | 10 months ago | Xenomorph banking trojan targets over 30 US banks
DARKReading | 3 months ago | Web3 Game Developers Targeted in Crypto Theft Scheme
Securityaffairs | 3 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Recorded Future | 3 months ago | Cybercriminal Campaign Spreads Infostealers, Highlighting Risks to Web3 Gaming | Recorded Future
Securityaffairs | 4 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs | 4 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini