Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • REvil Ransomware Gang Acquire Source Code for KPOT 2.0 Infostealer
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

REvil Ransomware Gang Acquire Source Code for KPOT 2.0 Infostealer

5 years ago David Bisson
REvil Ransomware Gang Acquire Source Code for KPOT 2.0 Infostealer

The operators of REvil ransomware came into possession of the source code for the KPOT 2.0 information-stealing malware variant.

ZDNet reported that UNKN, a member of the REvil ransomware gang, acquired the source code for KPOT 2.0 in an auction announced by the malware’s author back in mid-October.

#KPOT source code up for sale! 💰💰 pic.twitter.com/fJ3BwlaHsR

— панкак3 (@pancak3lullz) October 15, 2020

KPOT 2.0 first made news in May 2019 when Proofpoint spotted digital criminals offering this infostealer for sale for approximately $100 on underground forums.

This newer version incorporated several changes to the original KPOT iteration that digital attackers began distributing back in August 2018 using email campaigns and exploit kits.

For instance, those responsible for the malware revised KPOT’s storage structure. This changed enabled the malware to organize all of its stolen files into folders that accorded with the directory from which they were originally gathered.

The malware authors also added an ability for collecting Outlook credentials from the registry for all users.

Nearly a year later, Bleeping Computer spotted a fake website for an optimization software that capitalized on fears surrounding COVID-19 to distribute both the CoronaVirus ransomware strain as well as the KPOT information-stealing trojan.

Security researcher Pancak3 told ZDNet that the author of KPOT organized the auction on an underground web forum for Russian-speaking digital criminals after they decided to move on to other pursuits.

UNKN was the only participant in the auction. It paid the initial asking price of $6,500 after other actors on the underground forum cited the price of the opening bid as an explanation for why they declined to participate.

Pancak3 explained to ZDNet that UNKN likely acquired the source code of KPOT in order to “further develop it” and thereby add it to their expanding arsenal of tools which they could use to prey upon targeted organizations’ corporate networks.

News of this acquisition follows less than a year after REvil infected the systems of a major provider of enterprise data center services provider headquartered in Texas.

The post ” REvil Ransomware Gang Acquire Source Code for KPOT 2.0 Infostealer” appeared first on TripWire

Source:TripWire – David Bisson

Tags: Coronavirus, COVID-19, Exploit, Malware, Ransomware, TripWire

Continue Reading

Previous 3 Steps to Building a Resilient Incident Response Plan
Next Police to Livestream Ring Camera Footage of Mississippi Residents

More Stories

  • Cyber Attacks
  • Data Breach

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

8 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

8 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

11 hours ago [email protected] (The Hacker News)
  • Data Breach

Orchid Security Introduces Continuous Identity Observability for Enterprise Applications

14 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

16 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

18 hours ago [email protected] (The Hacker News)

Recent Posts

  • Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models
  • DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
  • China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
  • Orchid Security Introduces Continuous Identity Observability for Enterprise Applications
  • The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT