GuitarBob
Joined: 09 Jul 2006
Posts: 4935
Location: USA
Posted: Mon Apr 25, 2022 4:55 pm

There is a new infostealer malware that is being rented out fairly cheap and is very powerful. It can be used to steal all types of information from organizational and individual computers. Below is a YARA signature for it. Copy the signature and save it in a Notepad file as PryntStealer.yar in the ClamWin database folder as an All Files type. Do not save it as a text file. The name should be PryntStealer.yar and nothing else. After saving, scan a file with ClamWin to make sure the signature works. If it doesn't, please accept my apologies and delete the signature file. It works okay for me.

// Indications of PryntStealer infostealer, April 2022
rule indications_of_PryntStealer_infostealer_April_2022
{
    strings:
        // Calls that write stolen browser data to text files.
        // Inner double quotes are escaped as \" so each string parses.
        $a = "BrowserUtils.WritecCreditCards(cCC,text2 + \"\\CreditCards.txt\");"
        $b = "BrowserUtils.WritepPasswords(pPasswords,text2 + \"\\Passwords.txt\");"
        $c = "BrowserUtils.WritecCookies(cCookies,text2 + \"\\Cookies.txt\");"
        $d = "BrowserUtils.WritesHistory(sHistory,text2 + \"\\History.txt\");"
        $e = "BrowserUtils.WriteHistory2(Downloads,text2 + \"\\Downloads.txt\");"
        $f = "BrowserUtils.WriteAutoFill(aFills,text2 + \"\\Autofill.txt\");"
        $g = "BrowserUtils.WriteBookmarks(bBookmarks,text2 + \"\\Bookmarks.txt\");"
    condition:
        // Match when at least two of the strings are present
        2 of them
}

Regards,
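
A pre-flight check for a signature pasted from a web page into Notepad, added here as an example and not part of the original post. It flags the problems that most often stop such a file from loading: a wrong file extension, typographic quotes, a rule name that is not a valid identifier, and string lines with unescaped inner quotes. The function names and the sample rules are hypothetical and constructed for illustration.

```python
import re

# A YARA rule identifier: letters, digits, underscore; must not start with a digit.
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
SMART_QUOTES = "\u201c\u201d\u2018\u2019"   # curly quotes added by web pages and editors

def unescaped_quotes(line):
    """Count double quotes in a line that are not part of a backslash escape."""
    count, i = 0, 0
    while i < len(line):
        if line[i] == "\\":
            i += 2              # skip the escaped character (\" or \\)
            continue
        if line[i] == '"':
            count += 1
        i += 1
    return count

def lint_signature(filename, text):
    """Return a list of problems found in a pasted YARA signature file."""
    problems = []
    if not filename.lower().endswith((".yar", ".yara")):
        problems.append(f"file name {filename!r} does not end in .yar")
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if any(q in line for q in SMART_QUOTES):
            problems.append(f"line {n}: typographic quote, use ASCII double quotes")
        m = re.match(r"rule\s+(.*)$", stripped)
        if m:
            name = m.group(1).split(":")[0].rstrip("{ ").strip()
            if not IDENT.match(name):
                problems.append(f"line {n}: invalid rule name {name!r}")
        # A text string line must hold exactly one opening and one closing quote.
        if re.match(r"\$\w*\s*=\s*\"", stripped) and unescaped_quotes(stripped) != 2:
            problems.append(f"line {n}: unescaped inner quote or unterminated string")
    return problems

# Constructed samples: one as it might arrive from a forum page, one cleaned up.
BROKEN = ("rule Demo Rule 2022\n{\nstrings:\n"
          "$a = \u201cWrite(x + \u201c\\\\a.txt\u201d);\ncondition:\n$a\n}\n")
FIXED = ("rule Demo_Rule_2022\n{\n  strings:\n"
         "    $a = \"Write(x + \\\"\\\\a.txt\\\");\"\n  condition:\n    $a\n}\n")

if __name__ == "__main__":
    for label, name, body in (("broken", "Demo.yar.txt", BROKEN),
                              ("fixed", "Demo.yar", FIXED)):
        print(label, lint_signature(name, body) or "no problems found")
```
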