Security News > 2022 > February > New Golang botnet empties Windows users’ cryptocurrency wallets
A new Golang-based botnet under active development has been ensnaring hundreds of Windows devices each time its operators deploy a new command and control server.
First spotted in October 2021 by ZeroFox researchers who dubbed it Kraken, this previously unknown botnet uses the SmokeLoader backdoor and malware downloader to spread to new Windows systems.
After infecting a new Windows device, the botnet adds a new Registry key to achieve persistence between system restarts.
The botnet also features built-in information theft capabilities and can also steal crypto wallets before dropping other info stealers and cryptocurrency miners.
Based on info collected from the Ethermine cryptocurrency mining pool, this botnet seems to be adding roughly USD 3,000 every month to its masters' wallets.
"While in development, Kraken C2s seem to disappear often. ZeroFox has observed dwindling activity for a server on multiple occasions, only for another to appear a short time later using either a new port or a completely new IP," the researchers added.