ZDNet reports that the developers of the REvil ransomware purchased the source code of the KPOT Trojan at an auction on a hacker forum last month. The author of KPOT decided to sell the source code because he plans to move on to other projects.
The sale took place on a private Russian-language hacking forum last month, according to information security researcher Pancak3. According to him, UNKN, a well-known member of the REvil (Sodinokibi) group, was the only bidder. UNKN paid the initial price of $6,500 for KPOT, while other forum members refused to participate in the auction, citing the high cost of the malware.
In turn, the creators of REvil have no shortage of money. For example, last month a representative of the hacking group gave an interview to the YouTube channel Russian OSINT, stating that the REvil members “earn” more than $100 million a year from ransom payments.
Thus, one of the REvil developers received the source code for the latest version of the KPOT malware, 2.0.
Journalists note that KPOT was first discovered in 2018 and is a classic info-stealer capable of stealing passwords from various applications on infected computers. According to a 2019 report by Proofpoint experts, the malware targets browsers, instant messengers, email clients, VPNs, RDP services, FTP clients, cryptocurrency wallets, and gaming software.
The operators of REvil appear to have acquired KPOT in order to continue its development and expand their already rich set of tools.
Let me remind you that the creators of the REvil (aka Sodinokibi) ransomware also put one million dollars in bitcoins on deposit on a Russian-speaking hacker forum. In doing so, the hackers want to prove to potential partners that they are serious about their business.