Kronos (malware)

Last updated July 04, 2025

Kronos was a type of banking Windows malware first reported in 2014.

History

It was developed as a followup to the UPAS Kit which has been released in 2012.^[1] It was sold for $7,000.^[2]

Similar to Zeus,^[3] it was focused on stealing banking login credentials from browser sessions via a combination of keylogging and web injection.^[4] In 2015, its attacks were focused on British banks.^[2]^[1]

In August 2017, British security researcher Marcus Hutchins (aka 'MalwareTech'), previously notable for his involvement stopping the May 2017 WannaCry ransomware attack,^[5] was arrested by the FBI whilst visiting the United States.^[6] He was alleged to have created the software in 2014, and to have sold it in 2015 via the AlphaBay forums.^[7]^[8] Hutchins later admitted to being paid to work on Kronos and its predecessor UPAS Kit (named after the toxic Upas tree) as the main developer between 2011 and spring 2015.^[1]

References

1 2 3 Greenberg, Andy (12 May 2020). "The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet". Wired. Retrieved 13 May 2020.
1 2 Kessem, Limor (October 2, 2015). "UK Banks Hit With New Zeus Sphinx Variant and Renewed Kronos Banking Trojan Attacks". Security Intelligence. Retrieved November 8, 2018.
↑ "Overview of the Kronos banking malware rootkit". Lexsi Security Hub. September 24, 2014. Retrieved November 8, 2018.^{[ permanent dead link ]}
↑ Constantin, Lucian (14 July 2014). "New banking malware 'Kronos' advertised on underground forums" . Retrieved 4 August 2017.
↑ Gibbs, Samuel (22 May 2017). "WannaCry hackers still trying to revive attack says accidental hero". The Guardian. Retrieved 22 May 2017.
↑ McGoogan, Cara (4 August 2017). "WannaCry hero Marcus Hutchins could face 40 years in US prison" . Retrieved 4 August 2017.
↑ Cox, Joseph (August 3, 2017). "Kronos Indictment R". DocumentCloud. (independent journalist). Retrieved November 8, 2018.
↑ Kerr, Orin (3 August 2017). "The Kronos indictment: Is it a crime to create and sell malware?" . Retrieved 4 August 2017.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[Greenberg-1] 1 2 3 Greenberg, Andy (12 May 2020). "The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet". Wired. Retrieved 13 May 2020.

[secin-2] 1 2 Kessem, Limor (October 2, 2015). "UK Banks Hit With New Zeus Sphinx Variant and Renewed Kronos Banking Trojan Attacks". Security Intelligence. Retrieved November 8, 2018.

[3] "Overview of the Kronos banking malware rootkit". Lexsi Security Hub. September 24, 2014. Retrieved November 8, 2018.^{[ permanent dead link ]}

[4] Constantin, Lucian (14 July 2014). "New banking malware 'Kronos' advertised on underground forums" . Retrieved 4 August 2017.

[5] Gibbs, Samuel (22 May 2017). "WannaCry hackers still trying to revive attack says accidental hero". The Guardian. Retrieved 22 May 2017.

[6] McGoogan, Cara (4 August 2017). "WannaCry hero Marcus Hutchins could face 40 years in US prison" . Retrieved 4 August 2017.

[7] Cox, Joseph (August 3, 2017). "Kronos Indictment R". DocumentCloud. (independent journalist). Retrieved November 8, 2018.

[8] Kerr, Orin (3 August 2017). "The Kronos indictment: Is it a crime to create and sell malware?" . Retrieved 4 August 2017.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]