In Greek mythology, Kronos is known as the father of the lightning god Zeus. In the real world, however, the virus named “KRONOS” is infamous for hijacking online bank accounts, conducting identity theft, and much more.
According to Securonix researchers, the $7,000 banker trojan, available on the Russian underground forum, has received a new update. For those who don’t know, Kronos belongs to the same family of advanced trojans as Zeus, Gozi, and Citadel.
The new variant of Kronos, also known as Osiris, was first discovered in July 2018; three distinct campaigns targeting Germany, Japan, and Poland are already underway, the research says.
The new update includes features such as command and control over the TOR network, keylogging, and remote control via VNC.
The primary infiltration vectors used in the campaigns include phishing e-mails and specially crafted Microsoft Word documents/RTF attachments. It also uses an exploit kit such as RIG EK to distribute the virus.
The malicious documents exploit a known buffer overflow vulnerability in the MS Office Equation Editor component (CVE-2017-11882).
The malware uses anti-VM or anti-sandbox mechanisms to evade detection in virtual environments. The Osiris virus can also modify the Internet zone settings and lower the browser’s security to inject malicious code into websites.
The trojan can also copy itself to different locations on the PC, along with several DLLs, executables for TOR, and image files, and it can create shortcuts in the startup folder.
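A defender can hunt for two of the behaviours described above, startup-folder shortcuts and Internet zone changes, by correlating endpoint events per process. The sketch below is an added example, not code from Securonix or from the article; the event shape, host names, process names and sample paths are constructed, and the two matched locations are the standard Windows Startup folder and Internet Settings zones key rather than indicators from the report.

```python
from collections import defaultdict

# Standard Windows locations (assumption: not indicators taken from the Securonix report).
STARTUP_DIR = "\\microsoft\\windows\\start menu\\programs\\startup\\"
ZONES_KEY = "\\software\\microsoft\\windows\\currentversion\\internet settings\\zones\\"

def classify(event):
    """Return the behaviour an event matches, or None."""
    target = event["target"].lower()
    if event["kind"] == "file_create" and STARTUP_DIR in target and target.endswith(".lnk"):
        return "startup_shortcut"
    if event["kind"] == "reg_set" and ZONES_KEY in target:
        return "zone_setting_change"
    return None

def correlate(events):
    """Group matched behaviours by (host, process) and grade them.

    One behaviour alone is common on healthy machines (installers, Group
    Policy), so it is graded "review"; both from one process is "high".
    """
    seen = defaultdict(set)
    for ev in events:
        behaviour = classify(ev)
        if behaviour:
            seen[(ev["host"], ev["process"].lower())].add(behaviour)
    return {key: ("high" if len(b) == 2 else "review", sorted(b))
            for key, b in seen.items()}

# Constructed sample events (hypothetical hosts, process names and paths).
SAMPLE_EVENTS = [
    {"host": "WS01", "process": r"C:\Users\a\AppData\Roaming\x\upd.exe", "kind": "file_create",
     "target": r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"},
    {"host": "WS01", "process": r"C:\Users\a\AppData\Roaming\x\upd.exe", "kind": "reg_set",
     "target": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609"},
    {"host": "WS02", "process": r"C:\Program Files\App\setup.exe", "kind": "file_create",
     "target": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\App.lnk"},
    {"host": "WS02", "process": r"C:\Windows\explorer.exe", "kind": "file_create",
     "target": r"C:\Users\b\Documents\notes.lnk"},
]

if __name__ == "__main__":
    for (host, proc), (grade, hits) in correlate(SAMPLE_EVENTS).items():
        print(host, grade, proc, hits)
```

In practice the events would come from an EDR or Sysmon-style feed mapped into this shape, and "review" hits would be filtered against known installers before triage.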