This new Windows botnet could drain your crypto wallet
Kraken botnet targets Windows users and possibly their crypo wallets
Cybersecurity experts have recently spotted a brand new botnet, whose endgame has not yet been revealed.
First found in October 2021 by researchers from ZeroFox, the botnet, named Kraken, targets Windows-powered endpoints, and deploys various malware to the affected devices, including the RedLine Stealer malware.
RedLine Stealer is currently one of the most popular infostealers out there, capable of grabbing entire identities from browsers, obtaining data such as saved passwords, autocomplete data, or credit card information. Furthermore, it also grabs system inventory data, such as username, location data, hardware configuration, and software details.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
Distributing RedLine Stealer
"Monitoring commands sent to Kraken victims from October 2021 through December 2021 revealed that the operator had focused entirely on pushing information stealers – specifically RedLine Stealer," ZeroFox said.
"It is currently unknown what the operator intends to do with the stolen credentials that have been collected or what the end goal is for creating this new botnet."
Newer versions of RedLine is also capable of stealing cryptocurrencies from the victim’s wallets, which is also something the researchers are warning.
ZeroFox researchers are saying Kraken, with the help of RedLine Stealer, is able to wipe out the contents of Zcash, Armory, Bytecoin, Electrum, Ethereum, Exodus, Guarda, Atomic, and Jaxx Liberty cryptocurrency wallets.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
As things stand now, the operators of the malware rake up roughly $3,000 every month, by clearing out people’s wallets.
"While in development, Kraken C2s seem to disappear often. ZeroFox has observed dwindling activity for a server on multiple occasions, only for another to appear a short time later using either a new port or a completely new IP," the researchers added.
“By using SmokeLoader to spread, Kraken quickly gains hundreds of new bots each time the operator changes the C2," the researchers confirmed.
Kraken is built on Golang, and uses SmokeLoader backdoor and malware downloader to spread.
- Check out our list of the best firewalls right now
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.