
Kraken Botnet

Despite being a relatively new player on the botnet scene, the Kraken Botnet has been infecting machines and growing its footprint rapidly. According to a report released by ZeroFox's cybersecurity researcher Stephan Simon, the operators of Kraken have started to generate sizeable profits from the threatening operations, reaching approximately $3,000 every month, as seen from statistics taken from the cryptocurrency mining pool Ethermine. It should be noted that the current Kraken botnet is not connected to a similarly named threat from 2008.

Rapid Development and Constant Evolution

Kraken is a Golang-based threat that has been in active development ever since it was detected back in October 2021. The initial versions had limited functionality and were managed through a simple panel that offered attackers access to basic statistics, additional payloads, a way to upload new payloads, and the ability to command a certain number of bots.

Just a couple of months later, the threat has become almost unrecognizable. It is now equipped with a versatile kit of intrusive and harmful capabilities. The control panel has been overhauled drastically and given the name Anubis. The cybercriminals can exercise far more granular control over the infected systems, with the ability to issue commands to individual victims.

The later Kraken versions can activate persistence mechanisms, collect various information about the breached system, fetch and execute additional files and unsafe payloads, run arbitrary commands, snap screenshots and more. More focus has also been put on collecting cryptocurrency wallet credentials, with the attackers targeting Zcash, Atomic, Bytecoin, Ethereum, Exodus, Guarda, Electrum, Armory and Jaxx Liberty.

