Cybercriminals often sell their creations on hacking forums for other shady individuals to use as they please. This is the case with the KPOT Stealer. Malware researchers first spotted this threat back in the summer of 2018. The KPOT Stealer is a tool for collecting sensitive data such as login credentials, FTP and VPN logins, login details saved in Web browsers, Steam login information, social media usernames and passwords, and cryptocurrency wallets.

Cheaper and More Threatening

Due to its fantastic functionality, the KPOT Stealer was a hit in the world of cybercrime and was used in numerous attacks all around the world. Its success prompted its authors to release a new and updated version of the KPOT Stealer called KPOT, which is even cheaper than the original hacking tool.

KPOT has a few improvements compared to the original KPOT Stealer, namely:

  • The ability to collect files from shared folders.
  • A revamped file collector.
  • The ability to create a list of all the installed software on the host and forward it to the attackers.
  • Extended Remote Desktop Protocol credential grabbing abilities.

Likely to Target Cryptocurrency Wallets Specifically

The attacker can specify the size, extension, and filename of the files that KPOT v2.0 should collect. This makes the threat particularly harmful, as one can easily program it to look for cryptocurrency wallets specifically.

Propagation Via Bogus Emails

Since this threat is publicly available for purchase, it is likely that the different individuals buying it will have different preferred methods of propagating it. So far, the campaigns spotted employing KPOT v2.0 have used fraudulent spam emails as a method of spreading the hacking tool.

Keeping in mind what a hit the KPOT Stealer was, and that KPOT v2.0 is not only better but also cheaper, one can only guess the scope of the damage this hacking tool will unleash on unsuspecting users around the world.


