KPOT Stealer

In August 2018, Proofpoint started seeing KPOT Stealer distributed via email campaigns and exploit kits. KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. In September 2018, the malware was observed targeting users of the Jaxx cryptocurrency wallet. A newer version called KPOT v2.0 is available with features such as the ability to grab files across the entire disk and over the network.

Technical Details

  • Proofpoint provides additional technical details and indicators of compromise (IOCs) here.