Kronos was a type of banking malware first reported in 2014 and sold for $7,000, it was developed as a follow-up to the UPAS kit that was released in 2012.
Like Zeus, Kronos focused on stealing banking login credentials from browser sessions through a combination of keylogging and web injection. In 2015, its attacks targeted UK banks. British security researcher Marcus Hutchins (aka ‘MalwareTech’), formerly notable for his role in stopping the May 2017 WannaCry ransomware attack but… He was arrested by the FBI while visiting the United States because it was alleged that he created the software in 2014 and sold it in 2015 through the AlphaBay forums.
Now, after its latest resurgence in 2022 in which the IBM Security Trusteer saw an increase in Kronos malware activity in Mexico. In these attacks, it was used to launch web injections of JavaScript at financial institutions with a malicious Chrome extension.
The Kronos malware uses a configuration file to identify the target pages within the victim’s web browsing session. Once the victim navigates to one of these pages, the malware will initiate a call to an external resource and inject a malicious JavaScript payload. Once the malicious Chrome extension is installed, if the user attempts to access one of the targeted Mexican financial institutions, the extension will inject malicious JavaScript to steal sensitive information from the victim’s device.
Remember to protect yourself against these kinds of threats by using reputable antivirus and antimalware programs, as well as keeping systems up to date with the latest security patches and software updates.
