The REvil ransomware operators acquired the source code of the KPOT malware at an auction held on a hacking forum last month. The sale took place after the creator of KPOT decided to put the code up for auction.
The security researcher Pancak3 said in an interview with ZDNet last month that the sale was held as a public auction on a private underground hacking forum for Russian-speaking cybercriminals. According to Pancak3, the only bidder was UNKN, a well-known member of the REvil / Sodinokibi ransomware gang. UNKN paid the initial asking price of $6,500, while other members of the forum declined to participate, noting that the asking price had risen sharply. The REvil ransomware operators received the source code of KPOT 2.0, the latest version of the malware.
Discovered in 2018, KPOT is a classic infostealer (information stealer) that can extract and steal passwords from various applications on infected computers. These include web browsers, e-mail clients, VPNs, RDP services, FTP applications, cryptocurrency wallets and gaming software, according to a report released by Proofpoint in 2019.
Pancak3, who discovered the KPOT auction in mid-October, believes the REvil gang bought KPOT to develop it further and to add it to its arsenal for future attacks on corporate networks, the researcher told ZDNet.
Unlike UNKN and the REvil gang, many other forum members described the KPOT code as "overpriced". The REvil gang member recently gave an interview to a Russian YouTube channel, claiming that the ransomware gang makes more than $100 million a year. UNKN also claimed that the gang feared being killed more than it feared the response and action of law enforcement.