
Khalesi

Posted: December 11, 2019

Khalesi is spyware that collects various information types from your computer and can compromise cryptocurrency wallets, social messaging accounts and credit cards. Some infections also correspond to related attacks by the KPOT Stealer, a less-specialized spyware threat. Users should let their anti-malware tools remove Khalesi once they identify it and re-secure all accounts without delay.

Fantasy Media is this Spy's Calling Card

The enduring legacy of the 'Game of Thrones' show and its source material, Martin's 'A Song of Ice and Fire' novels, is distinct in both pop culture and the underbelly of hackers' subculture. A likely reference to that gritty tale is now being deployed in spyware form: Khalesi. Although Khalesi's spelling differs slightly from that of the character whose name it borrows, it offers a similarly domineering view over its victims, in the form of data theft rather than old-school tyranny.

Malware researchers strongly suspect that Khalesi's authors are Russian or based near that nation. Despite having several variants, including PE and Visual Basic-compiled forks, all known versions include a language and keyboard-layout check for Eastern Europe. If the system uses such settings, the software remains active but does not transfer what it collects. This precaution is typical of hackers avoiding the unwanted attention of law enforcement in ex-Soviet nations. Khalesi also has various extra defenses against both analysis and detection, some of which trigger deliberate crashes of the program.

Khalesi collects a flexible and very invasive range of data from Windows PCs, which it stores in temporary files before uploading to a C&C server. The applications and services that malware experts confirm as at risk include:

  • Chrome (and other Chromium browsers), Mozilla and IE
  • Some Virtual Private Networks
  • Monero, Electrum and other cryptocurrency wallets
  • General Windows user credentials
  • Credit cards
  • FTP clients
  • Valve's Steam and Blizzard's Battle.net (gaming clients)
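The staging pattern described above, data written to temporary files and then uploaded to a C&C server, is something endpoint telemetry can catch without knowing the stealer's signatures. The following is an added example for this article, not code from the original page or from any anti-malware vendor: a small correlation rule over constructed telemetry rows that flags a process which writes under a Windows temp directory and, within a short window, POSTs to a host that is not on an allowlist. The row layout, the allowlisted host and the addresses (RFC 5737 documentation ranges) are all assumptions made up for the example.

```python
"""Correlate temp-file staging with outbound POSTs into a stealer-exfiltration alert."""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample telemetry for this example only (not real Khalesi artefacts):
# (ISO timestamp, pid, event type, detail). The row layout is an assumption.
SAMPLE_EVENTS = [
    ("2019-12-11T10:00:01", 4120, "file_write", r"C:\Users\alice\AppData\Local\Temp\s7k2.tmp"),
    ("2019-12-11T10:00:02", 4120, "file_write", r"C:\Users\alice\AppData\Local\Temp\s7k2.tmp"),
    ("2019-12-11T10:00:09", 4120, "net_post", "http://198.51.100.7/gate.php"),
    ("2019-12-11T10:05:00", 2200, "file_write", r"C:\Users\alice\AppData\Local\Temp\installer.log"),
    ("2019-12-11T10:05:01", 2200, "net_post", "https://update.example-vendor.test/telemetry"),
    ("2019-12-11T10:30:00", 3300, "net_post", "http://203.0.113.9/upload"),
]

# Hosts that legitimately receive uploads from this fleet (constructed for the example).
ALLOWLISTED_HOSTS = {"update.example-vendor.test"}
# How long after a temp write a POST still counts as "the upload of what was staged".
WINDOW = timedelta(seconds=60)


def is_temp_path(path):
    """Return True for writes under a Windows per-user or system temp directory."""
    p = path.lower().replace("/", "\\")
    return "\\appdata\\local\\temp\\" in p or "\\windows\\temp\\" in p


def detect_exfiltration(events, allowlist=ALLOWLISTED_HOSTS, window=WINDOW):
    """Flag processes that stage data in a temp directory and then POST to a host
    outside the allowlist within `window`. Returns one alert per offending POST,
    listing the temp files the same process wrote in the preceding window."""
    staged = defaultdict(list)  # pid -> [(time, path), ...] temp writes seen so far
    alerts = []
    for ts, pid, kind, detail in sorted(events, key=lambda e: e[0]):
        now = datetime.fromisoformat(ts)
        if kind == "file_write" and is_temp_path(detail):
            staged[pid].append((now, detail))
        elif kind == "net_post":
            host = urlsplit(detail).hostname or ""
            if host in allowlist:
                continue  # expected destination, e.g. a vendor's update service
            recent = sorted({p for t, p in staged[pid] if now - t <= window})
            if recent:  # staged data followed by an upload to an unknown host
                alerts.append({"pid": pid, "host": host, "staged_files": recent})
    return alerts


if __name__ == "__main__":
    for a in detect_exfiltration(SAMPLE_EVENTS):
        print(f"pid {a['pid']} staged {a['staged_files']} then POSTed to {a['host']}")
```

With the constructed rows, only pid 4120 is flagged: pid 2200 posts to an allowlisted host and pid 3300 never touched a temp directory. In production the allowlist and the window need tuning per environment, and the same correlation can be expressed in a SIEM's query language over file and network events.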

Breaking Out of Subjugation by Software

Attacks leveraging Khalesi also correspond to the deployment of the KPOT Stealer, a similarly purposed data stealer. The threat actor may be using Khalesi to cover for the deficiencies of the other spyware, which has less specific data-collecting functionality. In both cases, however, malware experts rate each program as threatening to your PC and capable of handing information to criminals without any symptoms that would alert the user.

Khalesi's distribution methods include drive-by downloads hosted on Botsphere.biz, a website that sells sales-bot services. Web surfers should avoid any unprotected content on the site and should consider implementing basic safety standards such as turning off JavaScript and patching outdated software. Website admins can prevent hacking attempts by using appropriate password practices and establishing version control for their server-critical software.

Updated anti-malware solutions hold the best chance of detecting or removing Khalesi infections safely or of blocking the drive-by downloads they exploit. Some individuals may, in theory, benefit from analysis or sandbox-related software that forces Khalesi to terminate itself, although such methods are impractical for casual PC users.

Khalesi is outstanding evidence of both Russia's 'see no evil' relationship with the cyber-security landscape and the value that hackers place on pop culture media. Whether you appreciate a good tale of political treachery and dragons or not, Khalesi is as hostile to your PC as any villain in George R. R. Martin's tales.
