Security Experts:

Connect with us

Hi, what are you looking for?



Kronos: New Financial Malware Sold on Russian Underground Forum

Malware developers have recently started advertising a new banking Trojan on a Russian cybercrime forum, researchers from Trusteer reported on Friday.

Malware developers have recently started advertising a new banking Trojan on a Russian cybercrime forum, researchers from Trusteer reported on Friday.

The malware, dubbed “Kronos,” costs $7,000, but its creators are giving potential customers the opportunity to conduct one-week tests for the price of $1,000, which includes full access to the command & control (C&C) server and to all of the Trojan’s capabilities, the IBM security company said.

Trusteer researchers noted that coincidence or not, in Greek mythology, Kronos is the father of Zeus.

The creators of Kronos promise a lifetime product license, and free updates and bug fixes for those who pay the $7,000, amount which can be paid via Bitcoin, Perfect Money, WMZ, and the Bitcoin/Litecoin exchange BTC-E.  While updates and bug fixes are free of charge, customers will have to separately acquire newly created modules, the malware creators explained in a forum post. When Trusteer stumbled upon the offer, the threat wasn’t released yet and its authors were promising pre-release discounts.

Similar to other banking Trojans, Kronos comes with form-grabbing and HTML injection capabilities that are allegedly compatible with both the latest and most older versions of Chrome, Firefox and Internet Explorer Web browsers. 

“In addition, the HTML injection mechanism is compatible with Zeus. Because Zeus is the most widely deployed malware, and it is likely that potential clients have used or still use Zeus variants, the authors of Kronos made sure that the HTML injection files used by Zeus operators can be easily implemented with Kronos,” Etay Maor, a senior fraud prevention strategist at Trusteer, wrote in a blog post.

The Trojan also supposedly runs on both 32-bit and 64-bit systems and includes rootkit capabilities that make it stealthier and protect it against other pieces of malware. Kronos is also designed to evade antivirus solutions, by using what its authors call an undetected injection method, and sandboxes. Communications between bots and the C&C server are encrypted, the developers said.

 Trusteer researchers point out that they haven’t performed an analysis of the threat. All the information provided is based on the posts published on an underground forum by the malware developers. It remains to be seen if this new Trojan is legitimate and will be widely adopted by cybercriminals considering that it’s currently marketed as one of the most expensive pieces of malware.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.