Krypton Stealer
Threat Scorecard
| Threat Level: | 80% (High) |
| Infected Computers: | 67 |
| First Seen: | May 6, 2019 |
| Last Seen: | April 6, 2022 |
| OS(es) Affected: | Windows |
The Krypton Stealer is likely a Russian-made info stealer. Its authors are selling it on Russian hacking forums. The exact price is not specified, but it is likely rather cheap, as tools of this type made in Russia tend to be sold at pretty low prices. Payment is required in Ethereum or Bitcoin. Given how cheaply such hacking tools are usually sold, it is likely that many shady individuals will take advantage of this offer, which may result in thousands of victims worldwide.
The Krypton Stealer is written in the C++ and C programming languages. It can be deployed successfully in attacks against machines running Windows 7 and every newer Windows version. The main goal of the Krypton Stealer is to gather data from the compromised host. It is also capable of hiding its tracks: its payload is rather small and can therefore be obfuscated easily to stay under the radar of anti-malware applications.
The authors of the threat have included quite a few features in the Krypton Stealer. Once up and running, it can collect data from Web browsers such as Google Chrome, Internet Explorer, Opera, Sputnik, Amigo, Vivaldi, Maxthon, etc. The data the Krypton Stealer targets is sensitive information such as credit card data, passwords, search history, auto-completion details and download information.
The stealer also targets several kinds of programs that cybercriminals focus on: VPN clients, FTP clients and Telegram. More specifically, the Krypton Stealer can snatch credentials from FileZilla, Total Commander, FTP Navigator, and the VPN clients Proton and Nord.
The Krypton Stealer is also capable of collecting information about cryptocurrency wallets. It targets files connected to cryptocurrency wallet services like Ethereum, Jaxx, Exodus and Electrum. The info stealer is operated via a control panel. The authors of the Krypton Stealer state that updates are planned, and it is likely that they will add more features and thus attract more clients.
Normally, as hard as they try to stay hidden, info stealers tend to get spotted by anti-virus tools rather easily. This is why it is important to make sure you have downloaded and installed an anti-spyware application, which would keep you safe from the Krypton Stealer.