{
	"id": "d6292853-8cb5-4ab6-baf9-5a43e1f40a70",
	"created_at": "2026-04-06T00:15:43.486221Z",
	"updated_at": "2026-04-10T13:13:00.087326Z",
	"deleted_at": null,
	"sha1_hash": "3356145e851ba28b7b8da3349b8a4eacd56bdd9f",
	"title": "Watch out, the Kraken botnet can easily bypass Defender and steal your crypto",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 102884,
	"plain_text": "Watch out, the Kraken botnet can easily bypass Defender and steal your crypto\r\nBy Alexandru Poloboc\r\nPublished: 2022-02-21 · Archived: 2026-04-05 21:07:35 UTC\r\nAs most of you may already know, the Redmond-based tech company recently made an important update to the Windows Defender Exclusions permission list.\r\nNow, due to the change implemented by Microsoft, it is no longer possible to view the excluded folders and files without administrator rights.\r\nAs you can imagine, this is a significant change as cybercriminals often use this information to deliver malicious payloads inside such excluded directories in order to bypass Defender scans.\r\nBut, even so, safety is a relative term and whenever we think that we are safe, there are always going to be insidious third parties ready to breach our security.\r\nBeware of the new Kraken botnet\r\nEven with all the safety measures taken by Microsoft, a new botnet called Kraken, which was recently discovered by ZeroFox, will still infect your PC.\r\nKraken adds itself as an exclusion instead of trying to look for excluded places to deliver the payload, which is a relatively simple and effective way to bypass Windows Defender scans.\r\nThe team stumbled upon this dangerous botnet back in October 2021, when nobody was aware of its existence, or the harm it could do.\r\nThough still under active development, Kraken already features the ability to download and execute secondary payloads, run shell commands, and take screenshots of the victim’s system.\r\nIt currently makes use of SmokeLoader in order to spread, quickly gaining hundreds of bots each time a new command and control server is deployed.\r\nThe security team that made the discovery also noted that Kraken is mainly a stealer malware, similar to the recently discovered Windows 11 lookalike website.\r\nKraken’s capabilities now include the ability to steal information related to users’ cryptocurrency wallets, reminiscent of the recent fake KMSPico Windows activator malware.\r\nThe botnet’s feature set is simplistic for such software. Although not present in earlier builds, the bot is capable of collecting information about the infected host and sending it back to the command and control (C2) server during registration.\r\nThe information collected seems to vary from build to build, though ZeroFox has observed the following being collected:\r\nHostname\r\nUsername\r\nBuild ID (TEST_BUILD_ + the timestamp of the first run)\r\nCPU details\r\nGPU details\r\nOperating system and version\r\nIf you want to find out more about this malicious botnet and how you can better protect yourself against attacks, make sure you read the full ZeroFox diagnostic.\r\nAlso, be sure to stay on top of any sort of attacks that might come via Teams. It pays to always stay one step ahead of hackers.\r\nHave you ever found yourself being a victim of such a cyber attack? Share your experience with us in the comments section below.\r\nSource: https://windowsreport.com/kraken-botnet/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://windowsreport.com/kraken-botnet/"
	],
	"report_names": [
		"kraken-botnet"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434543,
	"ts_updated_at": 1775826780,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3356145e851ba28b7b8da3349b8a4eacd56bdd9f.pdf",
		"text": "https://archive.orkl.eu/3356145e851ba28b7b8da3349b8a4eacd56bdd9f.txt",
		"img": "https://archive.orkl.eu/3356145e851ba28b7b8da3349b8a4eacd56bdd9f.jpg"
	}
}