University Targeted by ‘PrivateLoader’, a Pay-Per-Install Malware Distribution Service
Darktrace, a global leader in cyber security AI, today announced that an African technology university stopped a recent cyber-attack using Darktrace AI. The attackers attempted to distribute PrivateLoader malware, a pay-per-install malware service commonly associated with crypto-mining and IP theft.
The public university, which has been established for over 30 years in Africa, awards students with undergraduate and graduate degrees in technology-related subjects. The university holds vast amounts of valuable IP including government-funded research into artificial intelligence, robotics, and sustainable energy solutions, which is a prime target for financially motivated cyber-criminals as well as state-sponsored attackers.
The university was targeted during a trial of Darktrace’s AI in mid-April. The AI technology had formed a unique understanding of the university’s ‘normal’ operations across its digital estate which allowed it to spot the out-of-the-ordinary activity indicative of an attack. In this case, the AI detected a desktop connecting to a rare external endpoint using a mechanism that was not consistent with their technology stack.
The IP address was subsequently tracked by Darktrace’s AI Analyst and found to be related to the pay-per-install malware service, PrivateLoader. The compromised device was then observed performing activity indicative of ‘RedLineStealer’ and ‘MarsStealer’, information-stealing malware which exfiltrate data with the intent of monetizing it through direct use or distribution on darknet sites.
Darktrace AI detected the attack in its earliest stages, and the threat was interrupted before any critical research or student data could be exfiltrated. After the attack was contained, a thorough investigation into the incident was conducted to ensure future cyber resilience for the university.
“PrivateLoader is an emerging malware service which has grown in popularity over the past year. It is unsurprising that attackers would target a university with this attack tool, typically used to distribute information-stealing malware which can harvest the critical data that universities hold for financial or more political purposes,” commented Toby Lewis, Darktrace’s Global Head of Threat Analysis. “By taking a number of subtle indicators from across the organization into consideration, including time of day, duration, data in and out, and peer analysis of similar devices and users, Self-Learning AI is uniquely capable of spotting these threats in their earliest stages – before critical data falls into the wrong hands.”
Darktrace (DARK.L), a global leader in cyber security AI, delivers world-class technology that protects over 6,800 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has more than 2,000 employees worldwide. Darktrace was named one of TIME magazine’s ‘Most Influential Companies’ for 2021.