Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

REvil Ransomware member win the auction for KPot stealer source code

The source code for the KPot information stealer was put up for auction and the REvil ransomware operators want to acquire it. The authors of KPot information stealer have put its source code up for auction, and the REvil ransomware operators will likely be the only group to bid. KPOT Stealer is a “stealer” malware […]

KPOT infostealer

The source code for the KPot information stealer was put up for auction and the REvil ransomware operators want to acquire it.

The authors of KPot information stealer have put its source code up for auction, and the REvil ransomware operators will likely be the only group to bid.

https://twitter.com/pancak3lullz/status/1316743641046700038

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software.

The malware, which was first spotted in 2018, is also able to take a screenshot of the active desktop and also target wallets stored on the computer.

The KPOT Stealer was written in C/C++, it was offered in the cybercrime underground as a Malware-as-a-Service (MaaS).

The malware communicates with the C2 infrastrcuture via HTTP requests and supports multiple commands to steal any kind of information from the infected systems.

The KPot source code was initially offered for $10,000 upfront, and according to the threat intelligence provider Cyjax the only participant in the action was UNKN, who is a well-known member of the REvil (Sodinokibi) ransomware crew.

“The source code for the KPot stealer has been auctioned off, with a representative of the REvil ransomware group being the sole public bidder.” reads a post published by the company on LinkedIn. “The REvil representative was the only public bidder for this product, and the auction was closed soon after their bid was made. While the closed nature of these sales makes it impossible to definitively state REvil are now the owner of the KPot stealer, this seems highly likely. They were the only public bidder for this product and could almost certainly outbid other interested parties. If REvil has purchased the source code for KPot stealer, then this will likely be incorporated into future ransomware attacks.”

UNKN paid the initial asking price of $6,500, while other forum members declined to participate, citing the steep asking price.

The auction was related to the source code of KPOT 2.0, which is the latest version of the info stealer.

The REvil ransomware operators will likely integrate the source code for the KPot stealer in their ransomware.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]