KINS Banking Trojan/Data Theft (credentialed check)

critical Nessus Plugin ID 69555


The remote Windows host has been infected with the KINS Trojan.


The remote Windows host has files that indicate that the KINS banking Trojan has been installed.

False positives may occur if file names identical to files KINS creates are detected on the system.


Update the host's antivirus software, clean the host, and scan again to ensure its removal. If symptoms persist, re-installation of the infected host is recommended.

See Also

Plugin Details

Severity: Critical

ID: 69555

File Name: kins_detect.nasl

Version: 1.6

Type: local

Agent: windows

Family: Backdoors

Published: 9/3/2013

Updated: 2/1/2022

Configuration: Enable paranoid mode

Asset Inventory: true

Supported Sensors: Nessus Agent, Nessus

Risk Information


Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C


Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Required KB Items: Settings/ParanoidReport, SMB/Registry/Enumerated, SMB/WindowsVersion