Krypton Stealer is an infection that was built to steal information. Unfortunately, the information this malware can gather and place into the hands of cyber criminals is very sensitive, and victims can face serious security issues because of it. At this point, it is not clear who created this malware or how it is distributed, but there is a possibility that it could be sold on underground hacking forums. This is how malware builders often sell their products, and, unfortunately, many different individuals are willing to invest in them. Due to this, many different parties could be behind the malicious info-stealer, and that means that we could see many different versions of the infection too. In any case, it is crucial that users remove Krypton Stealer as soon as possible. If you discover this threat, hopefully you can delete it before it records and leaks any information, but do not forget to take appropriate measures to secure your information so that remote attackers cannot use it against you.
Info-stealers emerge from time to time, and Krypton Stealer is certainly not the first or the last of its kind. A few other threats whose removal our research team has already discussed include Vega Stealer and August Stealer. Although they have similarities, they are also quite unique. Krypton Stealer, as it was found, records all information in one folder in the %TEMP% directory. The name of this folder is likely to be unique in every case, but it is written in the CLSID format. According to our research, the random combinations of numbers and letters in this name follow the “8-4-4-4-12” pattern, where each number indicates how many numbers and letters are in that section. After the information is collected, it is sent to a remote server, and then the folder is automatically deleted. This makes it impossible to know exactly what kind of data is recorded and sent to the attackers. Nonetheless, our research team has analyzed the code of the malicious Trojan, and we know its capabilities.
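The staging folder described above can be checked for during triage. The following is an added example, not code from our research team or from the malware: it lists folders directly under %TEMP% whose names follow the 8-4-4-4-12 pattern, newest first. It assumes that "CLSID format" means hexadecimal characters, optionally wrapped in braces; the function names are hypothetical.

```python
import os
import re
import tempfile
import time

# Assumption: "CLSID format" means hexadecimal digits grouped 8-4-4-4-12,
# optionally wrapped in one pair of braces.
CLSID_NAME = re.compile(
    r"[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}"
)


def is_clsid_name(name):
    """True if a folder name is a bare or brace-wrapped 8-4-4-4-12 string."""
    if name.startswith("{") and name.endswith("}"):
        name = name[1:-1]
    return CLSID_NAME.fullmatch(name) is not None


def find_clsid_dirs(temp_dir):
    """Return (path, mtime, entry_count) for CLSID-named folders directly
    under temp_dir, newest first. entry_count is -1 if unreadable."""
    hits = []
    with os.scandir(temp_dir) as entries:
        for entry in entries:
            # Only real directories count; skip files and symlinks.
            if not entry.is_dir(follow_symlinks=False):
                continue
            if not is_clsid_name(entry.name):
                continue
            try:
                with os.scandir(entry.path) as children:
                    count = sum(1 for _ in children)
                mtime = entry.stat(follow_symlinks=False).st_mtime
            except OSError:
                count, mtime = -1, 0.0
            hits.append((entry.path, mtime, count))
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    # %TEMP% on Windows; falls back to the platform temp dir elsewhere.
    temp = os.environ.get("TEMP") or tempfile.gettempdir()
    for path, mtime, count in find_clsid_dirs(temp):
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(mtime))
        print(f"{stamp}  {count:>4} entries  {path}")
```

Legitimate installers also create folders with such names in %TEMP%, so a match is a lead to inspect, not proof of infection. Because the folder is deleted after the upload, an empty result does not rule the threat out.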
According to our research team, Krypton Stealer can record screenshots to see what the attacked user is doing. It can also enumerate the uninstall registry to read which programs are installed on the computer. Unfortunately, it can do things much worse than that. It is now known that the threat can record saved data from all kinds of web browsers, including Amigo, Google Chrome, Internet Explorer, Opera, and Yandex. This might include saved passwords and other login credentials, payment card information, or browsing history. Furthermore, Krypton Stealer can also steal credentials from NordVPN and ProtonVPN clients, as well as from file management tools, including FileZilla, FTP Navigator, and Total Commander. Finally, if the infection is not deleted in time, it can also leak sensitive information from Electrum, Ethereum, Exodus, and Jaxx cryptocurrency wallets. In the hands of cyber criminals, this information could help them hijack users’ accounts, empty wallets, perform illicit transactions, send bogus messages containing malware installers, and impersonate victims in other malicious ways.
Without a doubt, Krypton Stealer is not the kind of infection that you want to play games with. This threat is dangerous, and the sooner you remove it from your system, the better. Unfortunately, by the time you discover the Trojan, private information might have been leaked and used already. This is why you want to take care of your security after you delete Krypton Stealer as well. First, let’s eliminate this malware. If you cannot identify the infection’s launcher, you might be unable to remove it yourself. Since this file could be dropped anywhere, and we are sure that its name would be unique in every case, we cannot give you a clear path to it. However, a legitimate anti-malware program should have no trouble finding this threat on your operating system, and so we recommend installing one now. After you have the Trojan removed, quickly change the passwords to all of your accounts, and then contact your bank and cryptocurrency wallet operators, who will be able to advise you on how to secure your money.
Krypton Stealer Removal