REvil Ransomware member win the auction for KPot stealer source code

The source code for the KPot information stealer was put up for auction and the REvil ransomware operators want to acquire it.

The authors of KPot information stealer have put its source code up for auction, and the REvil ransomware operators will likely be the only group to bid.

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software.

The malware, which was first spotted in 2018, is also able to take a screenshot of the active desktop and also target wallets stored on the computer.

The KPOT Stealer was written in C/C++, it was offered in the cybercrime underground as a Malware-as-a-Service (MaaS).

The malware communicates with the C2 infrastrcuture via HTTP requests and supports multiple commands to steal any kind of information from the infected systems.

The KPot source code was initially offered for $10,000 upfront, and according to the threat intelligence provider Cyjax the only participant in the action was UNKN, who is a well-known member of the REvil (Sodinokibi) ransomware crew.

“The source code for the KPot stealer has been auctioned off, with a representative of the REvil ransomware group being the sole public bidder.” reads a post published by the company on LinkedIn. “The REvil representative was the only public bidder for this product, and the auction was closed soon after their bid was made. While the closed nature of these sales makes it impossible to definitively state REvil are now the owner of the KPot stealer, this seems highly likely. They were the only public bidder for this product and could almost certainly outbid other interested parties. If REvil has purchased the source code for KPot stealer, then this will likely be incorporated into future ransomware attacks.”

UNKN paid the initial asking price of $6,500, while other forum members declined to participate, citing the steep asking price.

The auction was related to the source code of KPOT 2.0, which is the latest version of the info stealer.

The REvil ransomware operators will likely integrate the source code for the KPot stealer in their ransomware.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.