Predator the Thief Description
A new info stealer named Predator the Thief has been detected in several large-scale attacks recently. Its author appears to be a user called 'Alexuiop1337', who is currently selling Predator the Thief on several Russian forums. The initial price was $35, but after several updates, and perhaps seeing the interest it has garnered, the author raised the price to $80. This did not diminish interest in Predator the Thief, because even at $80 a threat with so many features is still a bargain.
It is not clear how Predator the Thief is propagated, but it is highly likely that the main means of distribution is mass spam email campaigns. So far, Predator the Thief has been identified spreading via WinRAR archives crafted specifically to achieve infiltration via the CVE-2018-20250 exploit. Another method used was macro-laced documents attached to the fraudulent emails. Once it penetrates a system successfully, Predator the Thief checks whether the machine is a sandbox environment. If it is, Predator the Thief halts its attack.
However, if the computer Predator the Thief landed on is not used for malware debugging, it will begin scanning certain folders and Registry keys that are known to hold sensitive data. Predator the Thief targets a vast number of applications. This threat can collect data from Web browsers such as Mozilla Firefox, Google Chrome, Opera, Vivaldi, Comodo Dragon, Torch, Sputnik, and Chromium-based Web browsers. Predator the Thief can also infiltrate a user's Discord account by targeting the 'https_discordapp_*localstorage' data, provided that the victim has the right configuration. It can also collect data from the WinFTP and FileZilla applications. The authors of Predator the Thief have made sure it can also infiltrate cryptocurrency wallet services that are used for storing Bitcoin, Ethereum, Armory, Electrum, Multibit, Bytecoin and others. This is done by manipulating the '.dat' and '.wallet' files. Users of the gaming platform Steam are not safe either. Predator the Thief can gain access to their accounts by bypassing the 2FA security process used by Steam, and if this does not work, the same could be achieved in offline mode.
Once Predator the Thief is satisfied with the data gathered, the personal information about the targeted user will be dumped in a file named 'information.log'. This file will contain the victim's country, city, ZIP code, approximate location, time zone and IP address. Then, 'information.log' and all other data that Predator the Thief has collected will be sent to the servers of the attacker. When this is completed, Predator the Thief will wipe itself from the system, along with all the traces it may have left while operating.
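Because the threat removes itself after exfiltration, the collection behavior described in the two paragraphs above is what a defender can hunt for in file-access telemetry. The following is an added example, not code from the article or from the malware: a Python heuristic that flags any process that opens several applications' data stores it does not own and also writes 'information.log'. The event tuple format, the allow-list, the threshold and every file name other than the Discord pattern, '.wallet' and 'information.log' are assumptions.

```python
from collections import defaultdict
from fnmatch import fnmatchcase

# Globs over lower-cased Windows paths. The Discord pattern, '.wallet' and
# 'information.log' come from the article; the other names are assumptions.
STORES = {
    "browser": ["*\\user data\\*\\login data", "*\\firefox\\profiles\\*\\logins.json"],
    "discord": ["*https_discordapp_*localstorage*"],
    "ftp": ["*\\filezilla\\recentservers.xml", "*\\filezilla\\sitemanager.xml"],
    "wallet": ["*\\wallet.dat", "*.wallet"],
}
STAGING = "*\\information.log"
# Assumed allow-list: programs expected to open their own store.
OWNERS = {"browser": {"chrome.exe", "firefox.exe"}, "discord": {"discord.exe"},
          "ftp": {"filezilla.exe"}, "wallet": {"bitcoin-qt.exe"}}

def classify(path):
    """Return the data-store category a path belongs to, or None."""
    p = path.lower()
    for cat, pats in STORES.items():
        if any(fnmatchcase(p, pat) for pat in pats):
            return cat
    return "staging" if fnmatchcase(p, STAGING) else None

def suspicious_processes(events, min_categories=2):
    """Flag processes that read several foreign stores and write information.log."""
    seen = defaultdict(set)
    for pid, image, op, path in events:
        cat, exe = classify(path), image.lower().rsplit("\\", 1)[-1]
        if cat is None or exe in OWNERS.get(cat, ()):
            continue
        if cat != "staging" or op == "write":
            seen[(pid, exe)].add(cat)
    return {k: sorted(c) for k, c in seen.items()
            if "staging" in c and len(c - {"staging"}) >= min_categories}

# Constructed sample events (pid, image, operation, path); not real telemetry.
APPDATA, DROPPED = r"C:\Users\a\AppData", r"C:\Users\a\AppData\Local\Temp\invoice.exe"
LOGIN = APPDATA + r"\Local\Google\Chrome\User Data\Default\Login Data"
EVENTS = [
    (4120, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "read", LOGIN),
    (7788, DROPPED, "read", LOGIN),
    (7788, DROPPED, "read", APPDATA + r"\Roaming\discord\Local Storage\https_discordapp_0.localstorage"),
    (7788, DROPPED, "read", APPDATA + r"\Roaming\Bitcoin\wallet.dat"),
    (7788, DROPPED, "write", APPDATA + r"\Local\Temp\information.log"),
    (5150, r"C:\Tools\backup.exe", "read", APPDATA + r"\Roaming\FileZilla\sitemanager.xml"),
]

if __name__ == "__main__":
    print(suspicious_processes(EVENTS))
```

In the constructed sample only the process with PID 7788 is flagged; the browser reading its own store and the single-store backup tool are not.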
If an info stealer is as well-made as Predator the Thief, it is very likely that the victims may never even realize that their systems have been infiltrated. It is of utmost importance that you have a legitimate anti-malware tool in place and update it regularly, because there are shady individuals all over the Internet just waiting for you to fall into one of their traps.
Security Doesn't Let You Download SpyHunter or Access the Internet?
Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow these steps to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use removable media. Download SpyHunter on another clean computer, copy it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable the proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
This article is provided "as is" and is to be used for educational information purposes only. By following any instructions in this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.