REvil ransomware developers purchased the source code of the KPOT Trojan

Written by Emma Davis

ZDNet reports that the developers of the REvil ransomware purchased the source code of the KPOT Trojan at an auction (on a hacker forum) last month. The author of the KPOT malware decided to sell the source code because he plans to move on to other projects.

The sale took place on a private Russian-language hacker forum last month, according to information security researcher Pancak3. According to him, UNKN, a well-known member of the REvil (Sodinokibi) group, was the only bidder.

UNKN paid an initial price of $6,500 for KPOT, while other forum members refused to participate in the auction, noting the high cost of the malware.

The creators of REvil, for their part, have no shortage of money. For example, last month a representative of the hacker group gave an interview to the YouTube channel Russian OSINT, stating that the REvil members “earn” more than $100 million a year from ransom payments.

“UNKN also claimed the gang fears assassinations more than they fear a law enforcement action,” wrote ZDNet journalists.

Thus, one of the REvil developers received the source code for the latest version of the KPOT malware – 2.0.

The journalists note that KPOT was first discovered in 2018 and is a classic info-stealer capable of stealing passwords from various applications on infected computers. According to a 2019 report by Proofpoint experts, the malware targets browsers, instant messengers, email clients, VPNs, RDP services, FTP clients, cryptocurrency wallets, and gaming software.

The operators of REvil appear to have acquired KPOT in order to continue its development and expand their already rich set of tools.

The REvil gang bought KPOT to “further develop it” and add it to its considerable arsenal of hacking tools the gang uses during its targeted intrusions inside corporate networks, information security researcher Pancak3 told ZDNet.

Let me remind you that the creators of the REvil (aka Sodinokibi) ransomware also put one million dollars in bitcoins on deposit on a Russian-speaking hacker forum. In this way, the hackers want to prove to potential partners that they are serious about their business.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
