KINS - new crimeware toolkit

Since the attackers, in fact, stopped selling malicious banking software Citadel last year, the AV industry has not seen the emergence of new "players" in this market. But yesterday, our colleagues at RSA Security published their own observations , according to which a new crimeware toolkit called KINS was put up for sale at one of the underground forums. The standard version of this banking malware tulkit, which includes a dropper, DLLs, and Zeus-like web injects, costs $ 5,000. Additional modules can be purchased for $ 2,000. The second unpleasant news is that this toolkit includes a bootkit component, which significantly increases its survival on compromised computers.

The realities of the market for such tools are such that cybercriminals are interested in buying not just banking Trojan software, which allows them to steal funds from accounts, but to a greater extent, special toolkits that provide them with a modular management structure and the ability to organize their own business with this malware, and also good tech support for managing it. RSA researchers indicate that traces of KINS were traced in February 2013, when it first began to be mentioned in special forums of cybercriminals. It was recently announced the beginning of the sale of KINS in an underground forum. Despite the fact that the author himself denies any connection of his banking software with his predecessors Zeus, Citadel or SpyEye, there are a number of weighty arguments to refute this, for example, using web injects similar to Zeus or the presence of the Anti-Rapport plugin, as in SpyEye .