New banking malware 'Kronos' advertised on underground forums

Its creators seek to establish the new threat as a premium commercial alternative to older Trojans like Zeus

By Lucian Constantin, IDG News Service | Security

The $7,000 price is not a sum that would scare off serious cybercriminals if the offer is solid, Tarakanov said. "Professional groups can make hundreds of thousands [of dollars], so $7,000 is more than acceptable for them."

Without third-party analysis the claims made by Kronos' creator should be viewed with skepticism, said Chris Boyd, malware intelligence analyst at Malwarebytes, via email. "In particular, sandbox bypassing is a very broad claim -- there are multiple sandboxes and they all have many ways to defeat evasive malware. Getting around one could well be doable, but all of them? It's probably unlikely, and if it could do that one suspects it would fetch a much higher asking price."

The promise of continued support and bug fixes might be one of the most attractive features of Kronos, according to Tim Erlin, director of security and risk at Tripwire.

"Anyone running a business requires stable and secure software to do so, and that includes cybercriminals," Erlin said. "Being new, and therefore harder to detect, is [also] a feature in and of itself."

News of this new online banking malware threat comes after law enforcement agencies from several countries at the beginning of June worked with security vendors to shut down a financial fraud botnet based on a Zeus spin-off called Gameover. The FBI estimates that the botnet led to losses of over US$100 million globally.

On Friday, security researchers from CSIS Security Group in Denmark reported that the source code of yet another online banking Trojan called Tinba was leaked on underground forums.

"The cybercriminal underground is a market," Tarakanov said. "Source code leakages and botnet shutdowns have been happening constantly but we see virus writers from time to time come up with new (or based on old but modified) banking malware. It proves that the market wants such tools."
