Amongst the malware included in Kraken is the Redline Stealer attack, which is a popular infostealer malware that can claim whole user identities from browsers. It has been used to obtain autocomplete information, passwords, and financial information from victims. Redline Stealer is tricky because it will steal inventory data, including the users location, device/software information, and username. “Monitoring commands sent to Kraken victims from October 2021 through December 2021 revealed that the operator had focused entirely on pushing information stealers – specifically RedLine Stealer,” ZeroFox says. While the security firm knows what attacks are being used in the botnet, it does not know the intentions of the threat actor behind it: “It is currently unknown what the operator intends to do with the stolen credentials that have been collected or what the end goal is for creating this new botnet.”
Crypto Wallet Attacks
It seems an attack on cryptocurrencies and crypto wallets is the most likely. ZeroFox points out Kraken with Redline Stealer could wipe major wallets like bytecoin, Ethereum, Atomic, and more. That is what the attackers are current doing, stealing around $3,000 each month from people’s crypt wallets. Still, that seems a small operation and ZeroFox suspects the botnet could be used for larger scale attacks. “While in development, Kraken C2s seem to disappear often. ZeroFox has observed dwindling activity for a server on multiple occasions, only for another to appear a short time later using either a new port or a completely new IP,” the researchers say. Tip of the day: Whether you’re planning an upgrade, tuning CPU timings, or just curious, it’s handy to know information about your RAM. In our tutorial, we show you how to check RAM speed, type, and size using several built-in Windows tools.