Kraken botnet bypasses Windows Defender to steal crypto wallet data

Kraken botnet utilizes SmokeLoader malware, and its operators have already been raking in around $3,000 per month.

ZeroFox Intelligence’s cybersecurity researchers have discovered a new botnet that is under active development and used by threat actors to deploy backdoors to steal sensitive data.

Dubbed the Kraken botnet by researchers, it is quickly spreading and adding more backdoors and infostealers. It is worth noting that this Kraken botnet has no connection with the Kraken botnet discovered in 2008 or with the San Francisco, California-based Kraken cryptocurrency exchange and bank.

Multiple Variants of Kraken Botnet Detected

The Golang-based botnet is reportedly targeting Windows hosts to steal sensitive information. It was detected in October 2021, and many variants have been identified since then. These variants were based on open-source code uploaded to GitHub.

Although the botnet is still under development, it boasts an extensive array of capabilities. It was initially deployed as a self-extracting RAR SFX file; in its recent variants, however, Kraken is downloaded directly through the backdoor.

Details of the Malware Loader

According to ZeroFox’s report published on Wednesday, Kraken botnet utilizes SmokeLoader malware, and its operators have already been raking in around $3,000 per month. Using SmokeLoader, Kraken has added hundreds

Read More: https://www.hackread.com/kraken-botnet-crypto-wallet-data-windows-defender/