KPOT Malware New Version Released

Cybercriminals appear to be having a busy time of the year: we are seeing not only a massive number of new breaches, but also new tools and kits being released, including malware.

This morning, Cyble researchers noticed that a new version of KPOT has been released, which includes the following new features.

The malware family has been used in email campaigns since 2018, with the advanced features implemented in 2019.

About: KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. In September 2018, the malware was observed targeting users of the Jaxx cryptocurrency wallet.

1) Fixed minor errors in the admin panel.
2) Passwords no longer fall out immediately upon entering their page; now they are displayed only after the filter.
3) Fixed the collection of autocomplete forms for the new Microsoft Edge (based on Chromium).
4) Fixed collection of full cards in Chromium 80+.
5) Added Skype for Desktop collection.
6) In the name of the log now only the country is written in ip, previously it was in ip and in language.
7) Added pagination in reports. No more than 1k logs are displayed on one page.
8) Added filter by country on the password page.
9) Added the ability to open a legal entity after sending a report.
10) Added collection of mRemoteNG from all users.
11) Added collection of Ledger Live, Scatter, Trinity from all users.
12) Fixed a problem where passwords were missing from the log in the admin panel but present in the log itself.

Newly installed Firefox 74 in process.

About Cyble:

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution, powered by machine learning and human analysis, provides organizations with insights into cyber threats introduced by suppliers and enables them to respond faster and more efficiently.

Cyble strives to be a reliable partner/facilitator to its clients, providing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, dark web and deep web monitoring, and passive scanning of internet presence. Furthermore, the intelligence, combined with machine learning capabilities and human analysis, also allows clients to gain real-time cyber threat intel and helps build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offers threat intelligence capabilities out of the box to its subscribers.

THIS POST HAS BEEN EXPORTED FROM OUR MEDIUM CHANNEL
