Kratos Silent Miner

The Kratos Silent Miner is potent malware equipped with various intrusive functions that go beyond the scope of a typical crypto-miner threat. Cybersecurity researchers discovered this particular malware being offered for sale on an underground hacker forum. The threat is available for purchase via a RaaS (Ransomware-as-a-Service) scheme priced at $100 per month. The developer of the threat also promises to provide 24/7 support through a Telegram account.

Being a cryptominer, the Kratos Silent Miner can take over the hardware resources of infected systems and utilize them for the generation of ETC (Ethereum Classic) and ETH (Ethereum) coins. In addition, the threat has a wallet clipper routine that allows it to replace crypto-wallet addresses that users save to the system's clipboard with the address of a wallet controlled by the hackers.
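A defender-side illustration of the clipper behaviour described above, added here and not taken from the Kratos sample or from any vendor tooling: it scans a sequence of clipboard-change records and flags a wallet address that is replaced by a different one with no user copy action. The `ClipEvent` record, its `user_copy` field, the 2-second window and the ETH-style address pattern are assumptions made for the example; the page does not say which address formats the clipper targets.

```python
import re
from dataclasses import dataclass

# Assumption: ETH/ETC-style addresses ("0x" + 40 hex characters).
ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")
SWAP_WINDOW_S = 2.0  # assumed threshold between the two clipboard changes


@dataclass
class ClipEvent:          # hypothetical endpoint-telemetry record
    ts: float             # seconds since start of capture
    text: str             # clipboard contents after the change
    user_copy: bool       # True if a user copy action preceded the change


def find_swaps(events):
    """Return (original, replacement, ts) for each suspicious address swap."""
    alerts = []
    prev = None
    for ev in events:
        cur = ev.text.strip()
        old = prev.text.strip() if prev else ""
        if (ADDR_RE.match(cur) and ADDR_RE.match(old)
                and cur.lower() != old.lower()      # same address, other case: ignore
                and not ev.user_copy                # nobody pressed copy
                and ev.ts - prev.ts <= SWAP_WINDOW_S):
            alerts.append((old, cur, ev.ts))
        prev = ev
    return alerts


# Constructed sample events, not captured from a real infection.
SAMPLE = [
    ClipEvent(0.0, "meeting notes", True),
    ClipEvent(10.0, "0x" + "a1" * 20, True),    # user copies the payee address
    ClipEvent(10.3, "0x" + "b2" * 20, False),   # replaced with no user action
    ClipEvent(40.0, "0x" + "c3" * 20, True),    # user deliberately copies another
    ClipEvent(40.5, "0x" + "C3" * 20, False),   # case-only rewrite, same address
]

if __name__ == "__main__":
    for old, new, ts in find_swaps(SAMPLE):
        print(f"t={ts}: clipboard address {old} replaced by {new}")
```
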

To ensure its presence in the system, the threat can bypass both UAC (User Account Control) and EDR (Endpoint Detection and Response) systems. It also cannot be deleted from the Registry or terminated via tools such as Process Hacker. In addition, the Kratos Silent Miner scans the system for the presence of other, competing crypto-miners and kills their processes. It can also block access to popular scanning websites, display fake error messages, and prevent certain anti-malware products from scanning it.

While on the device, the Kratos Silent Miner will also harvest numerous system details and exfiltrate them to its operators. The information may include the computer's name, OS version, CPU name, GPU name, amount of installed VRAM and the installed anti-virus solutions. The acquired data is transmitted to the attackers via Discord or Telegram.
