Kpot InfoStealer is an information-stealing trojan that is available for sale in underground markets. It silently collects and steals sensitive information and passwords from web browsers, mail clients, FTP clients, cryptocurrency wallets, and other applications on the compromised system. Kpot InfoStealer connects to a Command & Control (C&C) server and, depending on the configuration it receives from that server, may execute commands that perform various malicious activities on the victim’s computer.
This post serves to inform our customers about detection and protection capabilities within the VMware Carbon Black suite of products against Kpot InfoStealer.
The following is a screenshot of the Cloud Enterprise EDR (CB ThreatHunter) process chart for Kpot InfoStealer.
In addition, VMware Carbon Black Cloud Endpoint Standard (CB Defense) will display the malware’s overall triggered TTPs.