Russian hackers organized an auction for the KPOT malware

Russian hackers organized an auction to sell the source code of the KPOT malware. It seems that he malware author decided to sell the code and involve in other projects.

The sale happened after the KPOT malware author decided to auction off the code, desiring to move off to other projects.

The action happened last month, on a private underground hacking forum, for the Russian speaking-hackers cyber-criminals.

Russian hackers considered it too pricey

According to the Pancak3 security researcher, cited by ZDNet, most of the members on the forum declined to join the auction, due to the unreasonable high price.

Thus, a well-known member of the REvil (Sodinokibi) ransomware gang, UNKN, was the only bidder.

So, UNKN bought it for the initial asking price, of $6,500. In return, he received the source code of the 2.0 (latest) version of the of KPOT malware.

According to the Pancak3 security researcher, cited by ZDNet, most of the members on the forum declined to join the auction, due to the unreasonable high price.

Thus, a well-known member of the REvil (Sodinokibi) ransomware gang, UNKN, was the only bidder.

So, UNKN bought it for the initial asking price, of $6,500. In return, he received the source code of the 2.0 (latest) version of the of KPOT malware.

KPOT steals information

Security experts spotted KPOT in 2018, for the first time. They consider it a “classic information stealer”, which can extract and steal passwords. They steal from different apps on infected computers.

So, they can do this from VPNs, FTP apps, gaming software or web browsers. According to a Proofpoint report, KPOT can also extract credentials from instant messengers or email clients.

Pancak3 believes that the REvil gang wanted KPOT in order to “further develop it”. Also, he thinks that hackers might add it to their tools, so that they can use it in their intrusions in the corporate networks.

One of the main reasons for which the REvil gang decided to pay the money is that they have enough. In a recent interview on a Russian YouTube channel, UNKN claimed that the REvil gang makes over $100 million from ransom demands, each year.

Also, the member of the gang mentioned that he would not fear a law enforcement action, but an assassination attempt.

It seems the the Russian hackers would do anything for money. A few months ago, the NSA issued an advisory regarding the activity of the Russian hackers.

This happened after they discovered a group have been targeting COVID-19 research and vaccine development in three different countries.