Kraken, which is in active development, features a variety of backdoor capabilities for siphoning sensitive information from compromised Windows hosts. The malware can download and execute secondary payloads, run shell commands, and take screenshots of the victim's system, according to ZeroFox threat intelligence researchers.
Discovered in October 2021, the first variants of Kraken were found to be based on source code uploaded to GitHub, although it is unclear whether the repository in question belongs to the operators of the malware or if they simply chose to start their development using the code as a foundation.
Kraken's feature set is said to be constantly evolving, with its authors adding new components and altering existing ones. Current iterations of the botnet can maintain persistence, download files, execute shell commands, and steal data from a range of cryptocurrency wallets.
Targeted wallets include Armory, Atomic Wallet, Bytecoin, Electrum, Ethereum, Exodus, Guarda, Jaxx Liberty, and Zcash. The botnet has also been observed consistently downloading and running RedLine Stealer on infected machines; RedLine is used to collect saved credentials, autofill data, and credit card information from web browsers.
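Wallet theft of this kind leaves a recognisable trail: a process that is not the wallet application itself reads the wallet's data directory, and a stealer typically sweeps several unrelated wallet stores in one pass. The script below is an added example written for this article, not code from ZeroFox or from Kraken's operators. It applies that logic to object-access records in the shape of Windows Security event 4663 (ProcessName, ObjectName). The wallet directory names under %APPDATA%, the process names treated as legitimate for each wallet, and the sample events are all assumptions constructed for the example, so tune them to your own environment before relying on them.

```python
"""Detect unexpected processes reading cryptocurrency wallet data.

Added example for the Kraken write-up (not the article's or ZeroFox's code).
Input records mimic Windows Security event 4663 fields and are constructed
for this example.
"""
import re
from collections import Counter

# Wallet data directory (relative to %APPDATA%\Roaming) and the process names
# expected to touch it. Both columns are ASSUMPTIONS made for this example.
WALLET_PROFILES = {
    "Armory":        ("Armory",           {"armoryqt.exe"}),
    "Atomic Wallet": ("atomic",           {"atomic wallet.exe"}),
    "Bytecoin":      ("bytecoin",         {"bytecoin-gui.exe"}),
    "Electrum":      ("Electrum",         {"electrum.exe"}),
    "Ethereum":      ("Ethereum",         {"geth.exe"}),
    "Exodus":        ("Exodus",           {"exodus.exe"}),
    "Guarda":        ("Guarda",           {"guarda.exe"}),
    "Jaxx Liberty":  ("com.liberty.jaxx", {"jaxx liberty.exe"}),
    "Zcash":         ("Zcash",            {"zcashd.exe", "zcash-cli.exe"}),
}

# Captures the first directory component below %APPDATA%\Roaming.
APPDATA_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming\\([^\\]+)(\\|$)",
    re.IGNORECASE,
)


def classify_event(event):
    """Return (wallet, process, verdict) if ObjectName lies inside a known
    wallet directory, else None. verdict is 'expected' when the process is
    the wallet's own binary and 'suspicious' otherwise."""
    match = APPDATA_RE.match(event["ObjectName"])
    if not match:
        return None
    top_dir = match.group(1).casefold()
    proc = event["ProcessName"].rsplit("\\", 1)[-1].casefold()
    for wallet, (dirname, allowed) in WALLET_PROFILES.items():
        if top_dir == dirname.casefold():
            verdict = "expected" if proc in allowed else "suspicious"
            return wallet, proc, verdict
    return None


def find_suspicious(events):
    """Count reads of wallet data by processes that are not the wallet app,
    keyed by (process, wallet)."""
    hits = Counter()
    for ev in events:
        res = classify_event(ev)
        if res and res[2] == "suspicious":
            wallet, proc, _ = res
            hits[(proc, wallet)] += 1
    return dict(hits)


def sweeping_processes(events, min_wallets=2):
    """Processes that read data from at least min_wallets distinct wallets.
    A legitimate wallet app only touches its own store, so any process that
    sweeps several is the stealer pattern regardless of its name."""
    seen = {}
    for ev in events:
        res = classify_event(ev)
        if res:
            wallet, proc, _ = res
            seen.setdefault(proc, set()).add(wallet)
    return {p: w for p, w in seen.items() if len(w) >= min_wallets}


# Constructed sample records; "update.exe" in Temp is a made-up stand-in for
# a dropped stealer, not a Kraken indicator from the report.
SAMPLE_EVENTS = [
    {"ProcessName": r"C:\Program Files\Electrum\electrum.exe",
     "ObjectName": r"C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"ProcessName": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "ObjectName": r"C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"ProcessName": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "ObjectName": r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"ProcessName": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "ObjectName": r"C:\Users\alice\AppData\Roaming\atomic\Local Storage\leveldb\000003.log"},
    {"ProcessName": r"C:\Windows\explorer.exe",
     "ObjectName": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Recent\notes.lnk"},
]

if __name__ == "__main__":
    for key, n in find_suspicious(SAMPLE_EVENTS).items():
        print("suspicious read:", key, "count", n)
    for proc, wallets in sweeping_processes(SAMPLE_EVENTS).items():
        print("wallet sweep by", proc, "->", sorted(wallets))
```

Feeding this real 4663 data requires object-access auditing (a SACL) on the wallet directories, which is not enabled by default; Sysmon file events only cover creation, so they will catch the stealer's staging copy rather than the read.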
This botnet has a management panel that allows the threat actor to upload new payloads, interact with a specified number of bots, and view command history and victim information.
Over time, Kraken has also been used to deploy other generic information stealers and cryptocurrency miners, earning its operators around $3,000 each month. It is not yet known what the operator intends to do with the credentials collected so far; until that becomes clear, the only option for defenders is to prepare their security measures.