The operators of the REvil ransomware strain have “acquired” the source code of the KPOT trojan in an auction held on a hacker forum last month.
The sale took place after the KPOT malware author decided to auction off the code, wanting to move on to other projects.
The sale was organized as a public auction on a private underground hacking forum for Russian-speaking cyber-criminals, security researcher Pancak3 told ZDNet in an interview last month.
The only bidder was UNKN, a well-known member of the REvil (Sodinokibi) ransomware gang, Pancak3 said.
UNKN paid the initial asking price of $6,500, while other forum members declined to participate, citing the steep asking price.
The REvil operator acquired the source code of KPOT 2.0, the latest version of the KPOT malware.
First spotted in 2018, KPOT is a classic “info stealer” that can extract and steal passwords from various apps on infected computers. This includes web browsers, instant messengers, email clients, VPNs, RDP services, FTP apps, cryptocurrency wallets, and gaming software, according to a 2019 Proofpoint report.
Pancak3, who first spotted the KPOT auction in mid-October, told ZDNet that he believes the REvil gang bought KPOT to “further develop it” and add it to the considerable arsenal of hacking tools the gang uses during its targeted intrusions inside corporate networks.
Although many other forum members have described the KPOT code as overpriced, UNKN and the REvil gang have money to spare.
The REvil member, who has been operating as the ransomware gang’s public figurehead and recruiter on hacking forums for the past two years, recently gave an interview to a Russian YouTube channel, claiming that the REvil gang makes more than $100 million from ransom demands each year [1, 2].
UNKN also claimed the gang fears assassinations more than it fears law enforcement action.