Cyjax notes:
The source code for the KPot stealer has been auctioned off, with a representative of the REvil ransomware group being the sole public bidder.
KPot first appeared in the darknet in mid-2018 as a Malware-as-a-Service (MaaS). It’s functionality included:
Collect passwords, cookies, browsing history and autofill forms from Chrome, Firefox and Edge
Collect data on all RDP files stored in the infected machine
Collect general system information, including IP address, username and installed software
Read more.