Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators

Kraken has already spread like wildfire, but in the past few months, the malware’s author has been tinkering away, adding more infostealers and backdoors.

There’s a new, still-under-development, Golang-based botnet called Kraken with a level of brawn that belies its youth: It’s using the SmokeLoader malware loader to spread like wildfire and is already raking in a tidy USD $3,000/month for its operators, researchers report.

Though its name may sound familiar, Kraken has little to do with the 2008 botnet of the same name, wrote ZeroFox threat researcher Stephan Simon in a Wednesday post.

Using SmokeLoader to install yet more malicious software on targeted machines, Kraken is picking up hundreds of new bots each time a new command-and-control (C2) server is deployed, according to Simon’s post.

ZeroFox came upon the previously unknown botnet, which was still under active development, in late October 2021. Even though it was still being developed, it already had the ability to siphon sensitive data from Windows hosts, being able to to download and execute secondary payloads, run shell commands, and take screenshots of the victim’s system, ZeroFox said.

Simple, But Multi-Tentacled

ZeroFox shared a screen capture of the initial version

Read More: https://threatpost.com/golang-botnet-pulling-in-3k-month/178509/