
Pure Malware Tools Masquerade as Legitimate Software to Bypass Detections

Recently, security analysts at ANY.RUN discovered that the Pure malware tools are masquerading as legitimate software to evade detection. ANY.RUN is a cloud malware sandbox that handles the heavy lifting of malware analysis for SOC and DFIR teams. Every day, 300,000 professionals use ANY.RUN platfor...

Jul 03, 2025 · 3 min read

Pure Malware Tools

The PureCoder products were initially distributed in March 2021, as per the developer’s old website.

While the current Pure site claims that the software is only for education and testing purposes, the observed trend shows that the code is also used for several illicit purposes.

Pure's updates since March 2023 mention sales through a Telegram bot.

While the bots automate and anonymize malware purchases, the author expands the service, explores new channels, and scales up through bot usage.


The following Pure malware tools masquerade as legitimate software to bypass detections:

  • PureCrypter: A crypter that applies data obfuscation and encryption algorithms. This hides malware from AV tools and makes analysis difficult for researchers.

PureCrypter behavior flow

  • PureLogs Loader: Malware that is frequently distributed via a loader with .NET Reactor protection and uses a tiny library to steal data. The loader obtains the library from a C2 server.

PureLogs Loader

  • PureLogs: A versatile stealer that, like PureCrypter, employs obfuscation techniques to complicate analysis. It is occasionally mistaken for ZGRat, which is common among Pure family samples.

  • Experts found unique samples with signatures similar to PureCrypter and PureLogs. These signatures included the same traffic patterns, 3DES encryption (key encrypted with MD5Crypto), shared code behavior (proto-buf module), and a structure resembling PureCrypter and PureLogs.

PureMiner

Though the tools are claimed to be for education, they come with silent miners, botnets, and hidden HVNC. High demand is evident on Pure’s site, with monthly purchases.

Users make crypto payments in Bitcoin, facilitated by various wallets that are possibly part of a Bitcoin mixer. Wallet activity detected on Blockchain.com from May 19-26, 2023, already totals 250 transactions for a huge amount of $32,000.

Fake educational software is a potent malicious tool distributed via a Telegram bot. Since Pure gets a few orders monthly, its popularity might surge rapidly soon.

Source: CybersecurityNews.com
