Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Detecting botnets that can easily bypass Windows Defender and steal crypto wallet data
Any poorly secured system can easily fall victim to a malicious botnet.
Microsoft recently had to rush to release an update related to Window Defender, which removed the ability to access excluded folders and files without administrator rights. In other words, users will now be forced to own admin rights to see the list of excluded folders and files in Window Defender.
This is a notable change because threat actors often try to abuse this type of information to deploy malicious payloads inside excluded directories, with the ultimate goal of circumventing the rules. Windows Defender malware scanner.
However, this Microsoft method may not work against a new botnet called Kraken, which was recently discovered by the ZeroFox security team. The reason is that this botnet simply turns itself into the exclusion data, instead of trying to find the excluded folders and files to distribute the payload like many other botnets do. This is obviously a relatively simple but smart and effective 'trick' to bypass Window Defender's malware scanning.
Detecting botnets that can easily bypass Windows Defender and steal crypto wallet data Picture 1
The mechanism of action of the botnet is basically explained by ZeroFox as follows:
During Kraken's installation, it will try to switch itself to %AppData%Microsoft.
[.]
To hide from Window Defender, Kraken runs the following two commands:
powershell -Command Add-MpPreference -ExclusionPath %APPDATA%Microsoft
attrib +S +H %APPDATA%Microsoft
ZeroFox notes that Kraken is primarily a data-stealing malware, similar to the recently discovered fake Windows 11 lookalike website. Experts also added that Kraken's most dangerous ability at the moment is to steal information related to users' cryptocurrency wallets.
The most dangerous additional feature of the botnet is the ability to steal different crypto wallets from the following places:
You can find more details on how the Kraken botnet works in ZeroFox's blog post HERE.
Kareem WintersYou should read it
- TON - is the crypto currency expected to be the largest ICO in history to be superior to Bitcoin or Ethereum?
- The Gupteba botnet that infected 1 million Windows computers has just been taken down by Google
- Hackers wiped out thousands of Solana wallets overnight, the error came from the Dev position of Slope wallet
- Crypto trading wallet – tips to get the perfect one!
- French police successfully cracked down on a botnet that exploits 850,000 computers from more than 100 countries.
- Detecting a new type of malware that steals Windows passwords, installs a virtual currency mining tool and continues to spread trojans
- How to see which Windows Defender has found malware on a PC
- How to earn and use virtual currency with Brave browser
- 5 super fast ways to stop digging virtual money on web browser
- How to add exceptions in Windows Defender on Windows 10
- After Facebook, Google in turn blocks ads related to virtual money
- What is Dogecoin virtual currency? Should we invest? How to earn Dogecoin fast
Attack the network
Hackers break into chats on Microsoft Teams to spread malware- Detecting malware infection campaign hidden in fake Windows 11 installer
- Vulnerability discovered in ESET anti-virus software could allow hackers to gain system privileges on Windows
- Microsoft successfully prevented nearly 71 billion cyber attacks in 2021
- Another major cryptocurrency trading platform was hacked, $ 80 million 'failed'
- 12-year vulnerability in pkexec gives hackers root privileges on Linux
Hackers break into chats on Microsoft Teams to spread malware
Detecting malware infection campaign hidden in fake Windows 11 installer
Vulnerability discovered in ESET anti-virus software could allow hackers to gain system privileges on Windows
Microsoft successfully prevented nearly 71 billion cyber attacks in 2021
Another major cryptocurrency trading platform was hacked, $ 80 million 'failed'
12-year vulnerability in pkexec gives hackers root privileges on Linux