KINS client part leaked
Earlier, we mentioned the powerful new KINS banking malware. This is a crimeware toolkit that provides attackers with great opportunities to steal various data from users. Now, however, it became known that part of the texts of the “client” part of KINS was available to everyone. The Xylit0l blog shows some inconsistencies with the original Fox-IT article about the first KINS samples, which was released after the RSA publication .
We can state that the leakage of the texts of the next malicious banking software is bad news for users, as it will provoke a new wave of distribution of droppers based on these texts. Archive includes:
')
At the same time, the archive does not contain the implementation code of the LPE exploits MS10-073 and MS10-092 , whose files are declared in the dropper project.
We can state that the leakage of the texts of the next malicious banking software is bad news for users, as it will provoke a new wave of distribution of droppers based on these texts. Archive includes:
')
- Bots control panel (admincore)
- Dropper Builder Texts (Alureon)
- KINS dll texts
- Module softwaregrabber, which is used to steal account data from various services (FTP, POP3, SMTP and others)
- SpyEye plugins / libraries.
At the same time, the archive does not contain the implementation code of the LPE exploits MS10-073 and MS10-092 , whose files are declared in the dropper project.
Source: https://habr.com/ru/post/195938/
All Articles