The Kronos banking trojan is back from the malware dustbin. After years of lying dormant, hackers have reworked the underlying code and are actively targeting victims in Germany, Japan and Poland.
The latest variant has incorporated a new command-and-control feature designed to work with the Tor anonymizing network, according to an analysis by Proofpoint researchers
published Tuesday.
They believe that Kronos has been not only retooled, but may also have been rebranded as Osiris. That’s the name some criminals are using for a nearly identical trojan being sold on underground markets.
“While there is significant evidence that this malware is a new version or variant of Kronos, there is also some circumstantial evidence suggesting it has been rebranded and is being sold as the Osiris banking trojan,” Proofpoint said. The name would be apt: Osiris is the Egyptian god of rebirth.
