Unmasking the Bonasira Cyperine Author

Following our research on Cyperine 2.0 and Next Man History Stealer, the malware author rebranded their info stealer as Medusa. While it basically has the same featurse as Cyperine, you now need a valid account to access the builder. The example below compares Cyperine on the left and Medusa on the right, which shows a user logged in as Deadzeye. Figure 01. Builder comparison between Cyperine (Left) and Medusa (Right) The builder signatures clearly show that both of these variants were made by the same author, who goes by the name...

Leave a Reply