Kronos

Kronos is known in Greek mythology as the “Father of Zeus.” Kronos malware was first discovered in a Russian underground forum in 2014 after the takedown of Gameover Zeus. It was more expensive than many other banking trojans, costing $7,000 to buy outright or $1,000 for a one-week trial. Many other banking trojans could be bought from underground forums for hundreds, not thousands, of dollars. Kronos marketed itself as one of the most sophisticated trojans, and many malware researchers commented that its author(s) clearly had prior knowledge of malware techniques.The code is well obfuscated using many different techniques. Security researchers from Kaspersky Lab postulated that Kronos may be a spin-off of the Carberp banking trojan, The code is well obfuscated using many different techniques. Security researchers from Kaspersky Lab postulated that Kronos may be a spin-off of the Carberp banking trojan, and IBM analysts also connected Kronos to Zeus through its compatible HTML injection mechanism.In August 2017, Marcus Hutchens, the security researcher who single handedly put a halt to the WannaCry ransomware outbreak, was indicted and charged with writing with intent to distribute Kronos malware. In April 2019, Hutchins pled guilty to two of the ten charges laid against him. As of July 26th 2019, Hutchins was sentenced to time served with supervised release. Unlike many other banking trojans, Kronos did not die out with the arrest of a supposed key author. In July 2018, Kronos reemerged with three distinct campaigns targeting Germany, Japan, and Poland. There is also some circumstantial and speculative evidence in the malware research community suggesting that Kronos has been rebranded and is being sold as the Osiris banking trojan.Kronos is still active and continues to be a threat.