
Kronos

Posted: August 7, 2014

Threat Metric

Threat Level: 8/10
Infected PCs: 19
First Seen: August 7, 2014
Last Seen: November 9, 2021
OS(es) Affected: Windows


Kronos is a banking Trojan that combines man-in-the-browser (MitB) and Web-injection attacks to compromise your bank account credentials. While banking Trojans don't always produce symptoms, many of them can optionally prompt you for information and make other noticeable changes to your browser and the websites you visit. Victims should let a dedicated anti-malware product handle removing Kronos and re-secure their account according to the bank's guidelines afterward.

Time's Scythe Swings Back to this Trojan

The banking Trojan Kronos, while active for years in various formats and in connection to different campaigns, like the attacks of the ScanPOS Point-of-Sale Trojan, is a threat that refuses to die. Although some of its most recent recyclings attempt to ditch the brand name in favor of a new one (the 'Osiris' banking Trojan), it remains relevant to the Web banking environment due to a combination of quality baseline code and bank customers refusing to protect themselves. The result of this oversight, for one victim, can be the funneling of all their money to criminals.

Kronos is sold to third parties on the dark Web and may circulate through different methods. Malware experts are confirming particularly recent campaigns in Japan and Europe. Some campaigns rely on traditional e-mail-attached documents, with or without embedded vulnerabilities, while others compromise advertising networks to redirect their audiences to the RIG Exploit Kit. The careless use of document macros, JavaScript, and Flash, along with outdated software, correlates highly with the success of these infection strategies.

Kronos is a C++ program with comprehensive data-collecting features, focused especially on the user's browser activity. It can record all keyboard input (keylogging), collect information such as passwords and usernames from form fields, and use Keylogger Zeus's infamous man-in-the-browser techniques to modify the victim's Web content locally. This last attack could ask for more information by posing as a bank website or redirect traffic to phishing domains, along with other dangers.

Time Changes Trojans but not Security Habits

Kronos, whose name derives from the Greek god of time, has undergone various developments from 2014 up to the current year. However, its infection strategies aren't necessarily as durable as the Trojan's payloads and may include additional mistakes – or threats – courtesy of the different criminals that are hiring it. Updating software, disabling macros, turning off JavaScript, Flash, and Java, blocking advertisements, and being careful around e-mail attachments and links will provide sufficient protection against most of the infection techniques in use.

Users should always be attentive to discrepancies in their browsing experiences that suggest a third party's interference. Redirects to websites with incorrect addresses, requests for non-standard information, and prompts for downloading updates or other files are possible symptoms of banking Trojans. Kronos is compatible, to varying degrees, with most browsers, including Chrome, Internet Explorer and Firefox.

After any suspicion of infection, close your browser, terminate your Internet connection, and disinfect the PC or device with a compatible anti-malware solution. Because this threat is one of many forms of spyware that is, by definition, stealth-based, you should never try identifying or removing Kronos without an anti-malware service or industry specialist's assistance.

Banking Trojans will retain value as long as banking takes place online and is vulnerable to the techniques that Kronos, Keylogger Zeus, and other Trojans use against customers. This omen, while grim, is one that should be taken as a hint to not click on every file that invites doing so.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%APPDATA%\win32.exe
File name: win32.exe
Size: 516.48 KB (516480 bytes)
MD5: 676477001ff4e35051c7b9c090ccf6ee
Detection count: 98
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: June 6, 2017

file.exe
File name: file.exe
Size: 406.88 KB (406882 bytes)
MD5: 70d8729ca630dd3b0f9a62998642ec76
Detection count: 10
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 20, 2016
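
A read-only sweep for the two files listed above, as an added example that is not part of the original write-up: it walks a directory tree (defaulting to %APPDATA%, the path given for win32.exe), skips any file whose size matches neither entry, and compares MD5 digests, so a renamed copy is still found. The function names are hypothetical; these MD5s identify only these two specific samples, so an empty result does not rule out other Kronos builds.

```python
import hashlib
import os
from pathlib import Path

# Indicators copied from the file list above: MD5 -> (listed file name, size in bytes)
KRONOS_FILES = {
    "676477001ff4e35051c7b9c090ccf6ee": ("win32.exe", 516480),
    "70d8729ca630dd3b0f9a62998642ec76": ("file.exe", 406882),
}


def md5_of(path, chunk=1 << 20):
    """Stream a file through MD5 so large files are never loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, indicators=KRONOS_FILES):
    """Return [(path, md5, listed_name)] for files under root whose MD5 is listed.

    File names are ignored on purpose: a dropped executable can be renamed,
    but its size and digest stay the same.
    """
    sizes = {size for _name, size in indicators.values()}
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            try:
                # Cheap size pre-filter: hash only files that could match.
                if path.is_symlink() or path.stat().st_size not in sizes:
                    continue
                digest = md5_of(path)
            except OSError:
                continue  # locked or unreadable file: skip, keep sweeping
            if digest in indicators:
                hits.append((str(path), digest, indicators[digest][0]))
    return hits


if __name__ == "__main__":
    # Falls back to the current directory when APPDATA is not set (non-Windows).
    for path, digest, listed in scan(os.environ.get("APPDATA", ".")):
        print(f"MATCH {path} md5={digest} (listed as {listed})")
```

The script only reads files; any match should go to the anti-malware product or specialist handling the cleanup.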
