Category: Malware

Type: Loader

Platforms: Windows


Damage potential: Payloads, chain infection, data theft, financial loss


PureCrypter is loader-type malware that spreads remote access trojans, ransomware, or information stealers. It has been around since March 2021 and is known to distribute malware from various families such as AgentTesla, Arkei, DCRAT, and RedLineStealer.

PureCrypter delivers its payload in two steps. The first step is infecting the target device, which usually happens via malicious files shared on platforms like Discord or Telegram. These files are often compressed, for example as ZIP archives. Once the victim downloads and opens the malicious file, they unknowingly download PureCrypter onto their device as well. PureCrypter then moves on to the second step and installs additional malware, which can be ransomware, a remote access trojan, or an information stealer, depending on the attacker’s choice.

Possible symptoms

PureCrypter might create unusual registry entries and encrypted or compressed files. It could also display fake error messages and cause high network traffic. Other than these, there may not be any immediate signs, since PureCrypter operates covertly.

Sources of the infection

Phishing campaigns with malicious links or files are the main source of infection for this malware.


To protect yourself from PureCrypter and similar threats, you should always be cautious about attachments in emails or messages, especially from unknown senders. Other measures you can take are the following:

  • Do not click on suspicious links.
  • Avoid downloading files or software from unofficial sources.
  • Check newly downloaded files for viruses with NordVPN’s Threat Protection.
  • Make sure your operating systems and software are updated.
  • Install a reputable antivirus solution and keep it updated.
  • Regularly back up important data.


You can use your antivirus software to detect and remove PureCrypter. Here are the steps you should follow:

  • Disconnect the infected device from the internet.
  • Run a full system scan.
  • Follow the instructions of your antivirus software.
  • Get help from an IT specialist if you can’t perform the removal yourself.

