Proofpoint researchers found a new threat enticing users to download malware by masquerading as a “Privacy Tools” service offering a tool that “encrypts” user data using a zip-like utility. The fake website is professional-looking and contains detailed descriptions of the alleged service, including step-by-step instructions on how to download the privacy tools – which turn out to be malware.
Researchers identified the initial payload as Smoke Loader, a commodity downloader sold on readily accessible malware forums and used by multiple threat actors. Smoke Loader then retrieves follow-on information stealers, including Raccoon Stealer and RedLine.
The privacy theme is ironic considering the ultimate payload is designed to exfiltrate information from an infected host. However, it may appeal to users who are concerned about data sharing and privacy – a number that is likely increasing due to the recent mainstream marketing of user-focused privacy controls from major companies like Apple.