
KPOT v2.0

Posted: July 25, 2019

KPOT is spyware that collects information from your computer, including both files and account logins. Many of its campaigns use browser-based exploits or e-mail spam for compromising victims. Users should have anti-malware products installed for removing KPOT on sight and change all passwords after disinfection.

Trojans Making a Jackpot Out of Your Information

Although KPOT's existence is long-established in the cyber-security community, like many for-hire threats it benefits from long-term maintenance and development. The 2.0 build of KPOT is especially noteworthy not for an added feature but for the removal of one: by not persisting across system reboots, this spyware leaves fewer artifacts on disk and in the registry, reduces its chances of detection and, consequently, raises the probability of collecting its data before anyone notices.

KPOT is a spyware-as-a-service style threat that offers a sophisticated, Windows-based package for collecting information from compromised computers. Threat actors can 'rent' it for just under a hundred USD, although the method of distributing it remains up to them. The infection vectors that malware experts have seen in KPOT's campaigns are Exploit Kits and e-mail attacks. The first exploits software vulnerabilities through the user's browser; the second uses attached Word documents posing as payment notifications.

The modernized version of KPOT uses XOR encryption to hide its internal strings from analysis, and its C&C admin panel removes elements that identify the Trojan by name. More significantly, malware experts confirm that it keeps most of its data-collecting features. Through them, the spyware can take screenshots, scrape credentials from browsers and dozens of messaging and social networking applications, and can target additional files on the computer for theft. KPOT runs all of these attacks in response to a series of commands it accepts from the server after initial contact, and does not establish system persistence afterward.
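The XOR string obfuscation mentioned above is something an analyst has to undo before the sample's target list (browser databases, wallet files, registry paths) becomes readable. The Python below is an added example of that recovery step; it is not KPOT's code and is not taken from the original article. It assumes a NUL-separated string table, a single-byte or short repeating key, and a crib (a string the analyst expects in the plaintext, such as a user-agent); the key, the strings and the blob are constructed here so the result can be checked, whereas in real triage the blob would be carved from the binary.

```python
# Added example: recovering XOR-obfuscated strings during sample triage.
# Sample data is CONSTRUCTED for this page; the key and strings are illustrative
# assumptions, not values taken from KPOT.
from typing import List, Optional


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key. XOR is symmetric, so this encodes and decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def printable_ratio(buf: bytes) -> float:
    """Fraction of bytes that are printable ASCII, NUL (string separator) or whitespace."""
    if not buf:
        return 0.0
    ok = sum(1 for b in buf if 32 <= b < 127 or b in (0, 9, 10, 13))
    return ok / len(buf)


def recover_single_byte_key(blob: bytes, crib: Optional[bytes] = None) -> int:
    """Brute-force a 1-byte key. A crib found in the output wins outright;
    otherwise choose the key that yields the most printable output."""
    best_key, best_score = 0, -1.0
    for k in range(256):
        out = xor_bytes(blob, bytes([k]))
        if crib is not None and crib in out:
            return k
        score = printable_ratio(out)
        if score > best_score:
            best_key, best_score = k, score
    return best_key


def recover_repeating_key(blob: bytes, crib: bytes, key_len: int) -> bytes:
    """Known-plaintext recovery of a repeating key: if the crib sits at offset 0 and
    is at least key_len bytes long, key = ciphertext XOR crib over the first key_len bytes."""
    if len(crib) < key_len:
        raise ValueError("crib must be at least key_len bytes long")
    return xor_bytes(blob[:key_len], crib[:key_len])


def split_strings(buf: bytes) -> List[str]:
    """Split a NUL-separated decoded string table into Python strings."""
    return [s.decode("ascii", errors="replace") for s in buf.split(b"\x00") if s]


# Constructed stand-in for a string table carved from a sample (assumption: the
# table is NUL-separated and starts with a known user-agent string).
PLAINTEXT = b"Mozilla/5.0\x00Login Data\x00wallet.dat\x00Software\\Microsoft\\Windows\x00"
SINGLE_KEY = bytes([0x5A])   # assumed 1-byte key
MULTI_KEY = b"kpot"          # assumed 4-byte repeating key
BLOB_SINGLE = xor_bytes(PLAINTEXT, SINGLE_KEY)
BLOB_MULTI = xor_bytes(PLAINTEXT, MULTI_KEY)


def decode_single(blob: bytes = BLOB_SINGLE) -> List[str]:
    """Recover the 1-byte key using a crib, then decode the table."""
    key = recover_single_byte_key(blob, crib=b"Login Data")
    return split_strings(xor_bytes(blob, bytes([key])))


def decode_multi(blob: bytes = BLOB_MULTI) -> List[str]:
    """Recover a 4-byte repeating key from the leading user-agent crib, then decode."""
    key = recover_repeating_key(blob, crib=b"Mozilla/5.0", key_len=4)
    return split_strings(xor_bytes(blob, key))


if __name__ == "__main__":
    print("single-byte key:", hex(recover_single_byte_key(BLOB_SINGLE, b"Login Data")))
    print(decode_single())
    print("repeating key:", recover_repeating_key(BLOB_MULTI, b"Mozilla/5.0", 4))
    print(decode_multi())
```

The crib-first approach matters in practice: scoring on printable ratio alone can tie between several keys on short tables, whereas a single known string (a user-agent, a browser database filename) pins the key immediately. For longer repeating keys without a crib at offset 0, the same known-plaintext trick works at any offset once the key length is guessed.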

Breaking a Criminal's Potential Pot of Gold

KPOT is a general-purpose data collector that casts a wide net over victims. These individuals can include cryptocurrency users, casual Web surfers, gaming enthusiasts, and even users of VPN and RDP features. Although its lifespan on a compromised PC is brief, the same security breach can result in further attacks for collecting more information or dropping other threats. Even users without sensitive, online accounts are at risk since KPOT can exfiltrate any file that its C&C configuration specifies.

Users who disable document macros and browser features like JavaScript and Flash will enjoy improved protection against KPOT's known infection strategies. Traditional anti-malware services also include defenses for blocking browser-based drive-by downloads and identifying Trojan droppers inside a corrupted document. User education remains important, since KPOT's e-mail tactics follow well-known phishing templates.

Users suspecting a possible compromise should run a complete anti-malware scan for removing KPOT or verifying that no other threats remain persistent. They also should change their passwords and disable any active Remote Desktop admin features afterward.

KPOT is one of the subtler threats that can arrive with the help of the Fallout Exploit Kit or the RIG Exploit Kit. The risks of leaving your browser open to manipulation by third parties are high, even if the immediate aftereffects are invisible.
