Detecting a botnet that easily bypasses Windows Defender and steals crypto wallet data
Any poorly secured system can easily fall victim to a malicious botnet.
Microsoft recently had to rush out an update to Windows Defender that removed the ability to read the list of excluded folders and files without administrator rights. In other words, users must now hold admin rights to see the Windows Defender exclusion list.
This is a notable change because threat actors often abuse this information: they read the exclusion list, then drop their payload inside an already-excluded directory so that the Windows Defender malware scanner never looks at it.
However, this fix does nothing against a new botnet called Kraken, recently discovered by the ZeroFox security team. The reason is that Kraken does not hunt for existing exclusions at all; it simply adds its own installation directory to the exclusion list. This is a relatively simple but smart and effective trick for bypassing Windows Defender's scanning.
ZeroFox describes the botnet's installation as follows:
During installation, Kraken copies itself to %AppData%\Microsoft.
To hide from Windows Defender, Kraken then runs the following two commands:
powershell -Command Add-MpPreference -ExclusionPath %APPDATA%\Microsoft
attrib +S +H %APPDATA%\Microsoft
The first command tells Defender to skip the directory entirely; the second marks it as a hidden system folder so it is not shown by default in Explorer or by dir. Note that Add-MpPreference requires administrative privileges, so the exclusion is only created once Kraken is already running elevated.
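The defensive counterpart, as an added example that is not part of the article or ZeroFox's report: an elevated PowerShell script that lists the Defender path exclusions, flags any that point into user-writable locations (%APPDATA%, %LOCALAPPDATA%, %TEMP%, %PUBLIC%; the list of "suspicious roots" is an assumption for a typical workstation, adjust it for your environment) or that carry the Hidden+System attributes Kraken sets, and then pulls the Defender Event ID 5007 configuration-change events that record when each exclusion was added.

```powershell
# Added example (not from the article or ZeroFox): audit Windows Defender
# exclusions for the pattern Kraken uses -- a user-profile directory excluded
# from scanning and hidden with 'attrib +S +H'.
# Requires an elevated PowerShell; reading the exclusion list now needs admin.

# Roots under which a scan exclusion is rarely legitimate. Assumption: tune
# this for your estate (build servers etc. may legitimately exclude %TEMP%).
$suspiciousRoots = @(
    [Environment]::GetFolderPath('ApplicationData')       # %APPDATA%
    [Environment]::GetFolderPath('LocalApplicationData')  # %LOCALAPPDATA%
    $env:TEMP
    $env:PUBLIC
) | Where-Object { $_ }

function Test-SuspiciousExclusion {
    param([Parameter(Mandatory)][string]$Path)

    # Expand %APPDATA%-style variables so an exclusion written as
    # %APPDATA%\Microsoft compares equal to C:\Users\<user>\AppData\Roaming\Microsoft.
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)

    $result = [ordered]@{
        Exclusion    = $Path
        Expanded     = $expanded
        UnderUserDir = $false
        Exists       = $false
        HiddenSystem = $false
    }

    foreach ($root in $suspiciousRoots) {
        if ($expanded.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            $result.UnderUserDir = $true
        }
    }

    if (Test-Path -LiteralPath $expanded) {
        $result.Exists = $true
        # -Force is essential: without it Get-Item silently skips Hidden/System
        # items, which is exactly what 'attrib +S +H' relies on.
        $attrs = (Get-Item -LiteralPath $expanded -Force).Attributes
        $hs    = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
        $result.HiddenSystem = (($attrs -band $hs) -eq $hs)
    }

    [pscustomobject]$result
}

# 1. Current path exclusions. ExclusionProcess and ExclusionExtension deserve
#    the same review; an excluded 'powershell.exe' is just as bad as a folder.
$pref     = Get-MpPreference
$findings = foreach ($p in @($pref.ExclusionPath)) {
    if ($p) { Test-SuspiciousExclusion -Path $p }
}

"--- Path exclusions worth a closer look ---"
$findings | Where-Object { $_.UnderUserDir -or $_.HiddenSystem } | Format-Table -AutoSize

# 2. When was each exclusion added, and by whom? Defender records every
#    configuration change as Event ID 5007 in its Operational log; the message
#    names the changed registry value, e.g.
#    HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\...\AppData\Roaming\Microsoft = 0x0
"--- Defender exclusion changes (Event ID 5007) ---"
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 5007
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions\\Paths' } |
    Select-Object TimeCreated,
        @{ Name = 'Change'
           Expression = { ($_.Message -split "`r?`n" |
                           Where-Object { $_ -match 'Exclusions\\Paths' }) -join ' ' } } |
    Format-Table -Wrap
```

Correlate the 5007 timestamps with process-creation telemetry (Sysmon Event ID 1 or Security 4688 with command-line auditing) to find the parent process that launched `powershell -Command Add-MpPreference`; a legitimate administrator adds exclusions from a management console, not from a freshly dropped binary in %APPDATA%. Once confirmed, remove the entry with `Remove-MpPreference -ExclusionPath <path>` and rescan the directory.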
ZeroFox notes that Kraken is primarily an information stealer, in the same category as the malware recently spread through a fake Windows 11 download site. The researchers add that Kraken's most dangerous capability at the moment is stealing data related to users' cryptocurrency wallets.
It looks for wallets in the following locations:
%AppData%\Zcash
%AppData%\Armory
%AppData%\bytecoin
%AppData%\Electrum\wallets
%AppData%\Ethereum\keystore
%AppData%\Exodus\exodus.wallet
%AppData%\Guarda\Local Storage\leveldb
%AppData%\atomic\Local Storage\leveldb
%AppData%\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
You can find more details on how the Kraken botnet works in ZeroFox's blog post.