New Insights on Underworld Malware Developer PureCoder from Check Point Research
New Insights into PureCoder
Check Point Research, a division of Check Point® Software Technologies Ltd., has unveiled significant information about "PureCoder," a prominent malware developer operating in the underground cybercrime sphere. As part of the latest threat intelligence updates, this report sheds light on PureCoder's activities and its contribution to the growing malware ecosystem backing numerous global cybercrime campaigns.
Identifying the Developer
The recent discovery linking PureCoder directly to a GitHub repository revealed details about the developer's build infrastructure and an operating time zone of UTC+03:00. The finding also illustrates how threat actors rely on legitimate platforms for malicious activity, blurring the line between legitimate software development and cybercrime.
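The report states an operating time zone but does not say how it was derived. The usual approach, shown here as an added example that is not Check Point's tooling or PureCoder's code, is to tally the UTC offsets git records in author timestamps and the local hour at which commits land. The log lines are constructed sample data in `git log --format='%h %ad' --date=iso-strict` style, not from any real repository; the offset values and hashes are assumptions for illustration.

```python
"""Infer a developer's working time zone from git commit metadata.

Added illustration, not Check Point's method: tallies the UTC offsets
that git records in author timestamps and the local hour of day of each
commit. SAMPLE_LOG is constructed data, not from any real repository.
"""
from collections import Counter
from datetime import datetime, timedelta
import re

# Constructed sample in `git log --format='%h %ad' --date=iso-strict` style.
# The last line is deliberately naive (no offset) to show it is skipped.
SAMPLE_LOG = """\
a1b2c3d 2024-03-11T10:12:45+03:00
b2c3d4e 2024-03-11T14:03:02+03:00
c3d4e5f 2024-03-12T09:48:19+03:00
d4e5f6a 2024-03-12T22:17:55+03:00
e5f6a7b 2024-03-13T11:30:00+03:00
f6a7b8c 2024-03-14T07:05:41+00:00
g7b8c9d 2024-03-14T08:00:00
"""

LINE_RE = re.compile(r"^(?P<sha>[0-9a-f]{7,40})\s+(?P<ts>\S+)$")


def parse_commits(log_text):
    """Return [(sha, aware datetime)], skipping malformed or naive lines."""
    commits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # fromisoformat understands the +HH:MM suffix git emits.
        ts = datetime.fromisoformat(m.group("ts"))
        if ts.tzinfo is None:
            continue  # a naive timestamp carries no time-zone signal
        commits.append((m.group("sha"), ts))
    return commits


def offset_histogram(commits):
    """Count commits per recorded UTC offset, keyed as '+HH:MM'."""
    counts = Counter()
    for _, ts in commits:
        off = ts.utcoffset()
        sign = "+" if off >= timedelta(0) else "-"
        total = abs(int(off.total_seconds()))
        counts[f"{sign}{total // 3600:02d}:{(total % 3600) // 60:02d}"] += 1
    return counts


def dominant_offset(commits):
    """Return (offset, share_of_commits) for the most common offset."""
    hist = offset_histogram(commits)
    if not hist:
        return None, 0.0
    off, n = hist.most_common(1)[0]
    return off, n / sum(hist.values())


def local_hour_histogram(commits):
    """Commits per local hour of day, i.e. on the committer's own clock."""
    return Counter(ts.hour for _, ts in commits)


def working_hours_span(commits):
    """Earliest and latest local commit hour: a rough daily activity window."""
    hours = sorted(local_hour_histogram(commits))
    return (hours[0], hours[-1]) if hours else None


if __name__ == "__main__":
    cs = parse_commits(SAMPLE_LOG)
    off, share = dominant_offset(cs)
    print(f"{len(cs)} commits; dominant offset {off} ({share:.0%})")
    print("local-hour histogram:", dict(sorted(local_hour_histogram(cs).items())))
    print("activity window (local hours):", working_hours_span(cs))
```

Two caveats a practitioner should keep in mind: git simply records whatever clock and offset the committer's machine or `GIT_AUTHOR_DATE` supplies, so the signal can be spoofed or flattened by rebases and CI bots, and a +03:00 offset covers several countries, so it narrows a region rather than identifying a person. Treat it as one weak indicator to corroborate against forum posting times and other evidence.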
The Malware Ecosystem
PureCoder has developed a wide array of sophisticated tools that have been active since 2021, notably including PureHVNC RAT, PureRAT, PureCrypter, and PureLogs. These tools have been sold on underground forums, aiding cybercriminals in covert remote control operations, data theft, and evasion of antivirus software, all of which are essential components of modern cyber attacks.
Detailed Investigations
Check Point Research tracked an eight-day intrusion that began with deceptive job offers and escalated to establishing persistence, stealing credentials, and deploying the Sliver C2 framework. The investigation shows the multi-stage tradecraft attackers employ, with PureCoder's tools playing a pivotal role along the way.
Global Impact of PureCoder
Attacks linked to PureCoder have had a global reach, affecting organizations across the United States, Europe, and the Asia-Pacific regions. The sectors hit by these attacks include finance, education, healthcare, and telecommunications, reflecting the pervasive threat posed by these malware tools.
Rising Threat Trends
Check Point forecasts a significant surge in the use of PureCoder's tools by 2025, with malicious spam, phishing sites, and activity on underground forums all expected to rise sharply. This is an alarming trend in cybercrime that defenders cannot ignore.
The Evolution of Cybercrime
Since its inception in 2021, PureCoder has not only developed and sold malware but also updated and maintained its products, demonstrating an alarming level of professionalism in the cybercrime industry. The latest forensic analysis from Check Point illustrates how tools like PureHVNC RAT, PureRAT, and PureCrypter are utilized in real cybercriminal operations, indicating a shift towards a service-based industry for online crime.
Implications for Cybersecurity
The sophistication of PureCoder's operation marks a new era in which malware developers behave much like legitimate software vendors. They offer a comprehensive suite of products marketed through platforms such as Telegram, together with customer support and ongoing updates. Malware packages range from $50 to several hundred dollars, underscoring a dangerous normalization of cybercrime.
CPR’s lead researcher, Eli Smadja, emphasized, "Many global-scale cyber campaigns are not just about the perpetrators but also involve developers like PureCoder, representing the industrialization of cybercrime. Malware is presented much like legitimate software, with development, marketing, and support. Our research offers valuable insights into the malware economy's supply chain, stressing the need for defense based on recognizing attributes and preventative prioritization, alongside intelligence-driven collaboration."
For further details regarding PureCoder, readers are encouraged to visit the blog by Check Point Research.
About Check Point Research
Check Point Research maintains a commitment to providing the latest cyber threat intelligence to its customers and the broader threat intelligence community. It analyzes data on global cyberattacks and works to mitigate hacking efforts while enhancing protective features in Check Point products, teaming up with over a hundred analysts and researchers across security vendors, law enforcement, and CERT organizations.
About Check Point Software Technologies
Check Point Software Technologies stands as a leading provider of digital trust, protecting over 100,000 organizations worldwide through AI-driven cybersecurity solutions. With its Infinity Platform and open garden ecosystem, it prioritizes prevention, significantly enhancing security efficacy while reducing risks. The company integrates management across on-premises, cloud, and workspace environments, providing flexibility, simplicity, and scalability for enterprises and service providers alike.