Watch out, the Kraken botnet can easily bypass Defender and steal your crypto

3 min. read

Published onFebruary 21, 2022

published onFebruary 21, 2022

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

As most of you may already know, the Redmond-based tech company recently made an important update to the Window Defender Exclusions permission list.

Now, due to the change implemented by Microsoft, it is no longer possible to view the excluded folders and files without administrator rights.

As you can imagine, this is a significant change as cybercriminals often use this information to deliver malicious payloads inside such excluded directories in order to bypass Defender scans.

But, even so, safety is a relative term and whenever we think that we are safe, there are always going to be insidious third parties ready to breach our security.

Beware of the new Kraken botnet

Even with all the safety measures taken by Microsoft, a new botnet called Kraken, which was recently discovered byZeroFox, will still infect your PC.

Kraken adds itself as an exclusion instead of trying to look for excluded places to deliver the payload, which is a relatively simple and effective way to bypass Windows Defender scan.

The team stumbled upon this dangerous botnet back in October 2021, when nobody was aware of its existence, or the harm it could do.

Though still under active development, Kraken already features the ability to download and execute secondary payloads, run shell commands, and take screenshots of the victim’s system.

It currently makes use of SmokeLoade in order to spread, quickly gaining hundreds of bots each time a new command and control server is deployed.

The security team that made the discovery also noted that Kraken is mainly a stealer malware, similar to the recently discoveredWindows 11 lookalike website.

Kraken’s capabilities now include the ability to steal information related to users’ cryptocurrency wallets, reminiscent of the recent fake KMSPico Windows activator malware.

The botnet’s feature set is simplistic for such software. Although not present in earlier builds, the bot is capable of collecting information about the infected host and sending it back to the command and control (C2) server during registration.

The information collected seems to vary from build to build, though ZeroFox has observed the following being collected:

If you want to find out more about this malicious botnet and how you can better protect yourself against attacks, make sure you read the full ZeroFox diagnostic.

Also, be sure to also stay on top of any sort ofattacks that might come via Teams.It pays to always stay one step ahead of hackers.

Have you ever found yourself being a victim of such a cyber attack? Share your experience with us in the comments section below.

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Watch out, the Kraken botnet can easily bypass Defender and steal your crypto#

Beware of the new Kraken botnet#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Watch out, the Kraken botnet can easily bypass Defender and steal your crypto

Beware of the new Kraken botnet