New banking malware named “Kronos” is being advertised as a commercial alternative to older Trojans.
According to CSO, the Trojan is designed to steal login credentials and other financial information from online banking websites, and it is being advertised to cybercriminal groups on the underground market. An advert claimed it can steal credentials from browsing sessions in Internet Explorer, Mozilla Firefox and Google Chrome by using form-grabbing and HTML content injection techniques.
In addition to the information-theft capabilities, the new Trojan has a user-mode rootkit component for 32-bit and 64-bit Windows systems that can protect its processes from competing malware. Its creator also claims that Kronos can evade antivirus detection and sandbox environments typically used for malware analysis. The new cybercriminal tool is being advertised for $7,000, a price that includes the promise of continued development, free upgrades and bug fixes.