To hide from Windows Defender, Kraken runs the following two commands. The first adds the %APPDATA%\Microsoft directory to Defender's exclusion list so that files dropped there are no longer scanned; the second marks the directory as a hidden system folder so that it is not shown by default in Explorer:
powershell -Command Add-MpPreference -ExclusionPath %APPDATA%\Microsoft
attrib +S +H %APPDATA%\Microsoft
ZeroFox notes that Kraken is primarily an information stealer, in the same vein as the malware recently found being distributed through a fake Windows 11 lookalike website. The researchers add that Kraken's most dangerous capability at the moment is the theft of data belonging to users' cryptocurrency wallets.
The botnet collects wallet files from the following locations under %AppData%:
%AppData%\Zcash
%AppData%\Armory
%AppData%\bytecoin
%AppData%\Electrum\wallets
%AppData%\Ethereum\keystore
%AppData%\Exodus\exodus.wallet
%AppData%\Guarda\Local Storage\leveldb
%AppData%\atomic\Local Storage\leveldb
%AppData%\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
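The two evasion commands and the wallet-path list above translate directly into host-side checks. The following PowerShell script is an added example written for this article, not code from the ZeroFox report or from the Kraken malware itself; it assumes a Windows 10/11 host with the built-in Defender PowerShell module and an elevated session. It audits Defender exclusions that point into the user profile, lists System+Hidden directories under %APPDATA%, pulls Defender's own configuration-change events (event ID 5007) for exclusion additions, and reports which of the targeted wallet directories actually exist on the machine.

```powershell
# Added example (not from the ZeroFox report or the Kraken sample): audit a host
# for the evasion artefacts described above and for the wallet directories the
# stealer targets. Assumes Windows 10/11 with the Defender module; run elevated.
$AppData = $env:APPDATA

# 1. Defender path exclusions inside the user profile. Kraken's Add-MpPreference
#    call would show up here as "<APPDATA>\Microsoft"; legitimate software rarely
#    excludes anything under the profile, so every hit deserves a look.
$suspiciousExclusions = (Get-MpPreference).ExclusionPath |
    Where-Object { $_ -and $_ -like "$env:USERPROFILE*" }
foreach ($p in $suspiciousExclusions) {
    Write-Warning "Defender exclusion inside user profile: $p"
    # Remediation, deliberately left for the operator to run after review:
    # Remove-MpPreference -ExclusionPath $p
}

# 2. Directories under %APPDATA% carrying both the System and Hidden attributes
#    (the effect of "attrib +S +H"). -Force is required or they are skipped.
$hiddenSystemDirs = Get-ChildItem -Path $AppData -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes.HasFlag([IO.FileAttributes]::System) -and
                   $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) }
foreach ($d in $hiddenSystemDirs) {
    Write-Warning "System+Hidden directory under APPDATA: $($d.FullName)"
}

# 3. Defender records every configuration change as event 5007 in its
#    Operational log; an added path exclusion appears in the message under the
#    Exclusions\Paths registry key. This gives the timestamp of the tampering.
$exclusionEvents = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions\\Paths' }
foreach ($e in $exclusionEvents) {
    Write-Warning ("Defender exclusion change at {0}: {1}" -f $e.TimeCreated,
        ($e.Message -split "`n" | Select-Object -First 1))
}

# 4. Wallet locations from the report, relative to %APPDATA%. Reporting which
#    ones exist tells the owner what a Kraken infection would have exfiltrated
#    and therefore which keys and seeds need to be rotated.
$walletRelativePaths = @(
    'Zcash',
    'Armory',
    'bytecoin',
    'Electrum\wallets',
    'Ethereum\keystore',
    'Exodus\exodus.wallet',
    'Guarda\Local Storage\leveldb',
    'atomic\Local Storage\leveldb',
    'com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb'
)
$present = $walletRelativePaths |
    ForEach-Object { Join-Path $AppData $_ } |
    Where-Object { Test-Path $_ }
if ($present) {
    Write-Host "Wallet data present at:"
    $present | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host "None of the listed wallet directories exist under $AppData."
}
```

Two caveats for anyone running this across a fleet: %APPDATA%\Microsoft is a legitimate, always-present directory, so the exclusion itself, not the folder, is the indicator; and the 5007 event is written by Defender regardless of which process changed the setting, so it is the most reliable of the three checks when the malware has since removed its files.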
More details on how the Kraken botnet works are available in ZeroFox's blog post.