KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. Proofpoint researchers started seeing KPOT Stealer distributed via email campaigns and exploit kits in August 2018 (Figure 1). In addition, colleagues at Flashpoint Intel observed the malware targeting users of the Jaxx cryptocurrency wallet in September 2018.