Cybercriminals behind the REvil ransomware operation have reportedly bought the source code for the KPot information-stealing malware, which was put up for auction by its authors, with a starting price of $6,500.
KPot first surfaced in mid-2018 as a Malware-as-a-Service (MaaS). The malware can collect passwords, cookies, browsing history and autofill forms from Chrome, Firefox and Edge, as well as data on all RDP files stored on the infected machine, and it gathers general system information, including IP address, username and installed software.
It is currently unknown why KPot's developers decided to sell the malware's source code. The source code was initially offered for $10,000 upfront, and according to the threat intelligence provider Cyjax, a representative of the REvil ransomware crew going by the moniker UNKN was the only bidder in the auction. The firm said that the auction was closed soon after the bid was made. UNKN paid the initial asking price of $6,500, while other forum members refused to participate because of the steep asking price.
“The REvil representative was the only public bidder for this product, and the auction was closed soon after their bid was made. While the closed nature of these sales makes it impossible to definitively state REvil are now the owner of the KPot stealer, this seems highly likely. They were the only public bidder for this product and could almost certainly outbid other interested parties. If REvil has purchased the source code for KPot stealer, then this will likely be incorporated into future ransomware attacks,” Cyjax said.
Last weekend, one of the most active and notorious data-stealing ransomware groups, Maze, announced it is “officially closed.” The Maze ransomware gang, which has been active since May 2019, became the first group to use the so-called double-extortion tactic, which involves stealing the victim’s data before encrypting the files and releasing the data if the ransom is not paid. The group’s track record includes highly recognized names such as Southwire, City of Pensacola, Canon, LG Electronics, Xerox, and others.