A tiny yet complex backdoor steals access credentials of high-performance computer networks.
Eset researchers discovered the Kobalos malware in recent months. It’s a backdoor that has been targeting supercomputers used in academia or scientific enterprises. Once initial access has been granted, it opens the door for other attacks like credential theft, data extraction, and even cryptocurrency mining.
“Kobalos malware contains generic commands to read from and write to the file system and spawn a terminal to execute arbitrary commands, […] Unfortunately, it doesn’t contain any specific payload that could indicate the intentions of its authors. The operators likely open a shell through the terminal and perform whatever commands they need to.”
Eset researchers
The name originates from Greek mythology, where kobaloi were Dionysus companions, a group of mischievous creatures fond of tricking and frightening mortals. Eset researchers picked this name for the many “tricks” that are packed in this tiny malware.
The Kabalos malware is Multiplatform, which means that it can run on multiple operating systems, from Linux, BSD Solaris, and even Windows operating systems. It was found to infect high-performance computing clusters, a large Asian ISP, a US endpoint security vendor, and a number of personal servers.
“There are multiple ways for the operators to reach a Kobalos-infected machine,” according to ESET. “The method we’ve seen the most is where Kobalos is embedded in the OpenSSH server executable (sshd) and will trigger the backdoor code if the connection is coming from a specific TCP source port.”
Check the source.
Read More
- Users of popular crypto app Maiar are targetted by SMiShingMaiar is a digital crypto wallet and global payments app that allows users to exchange and securely store money […]
- PHOBOS Ransomware Attack Hits Romanian Hospital on July 22A ransomware attack targeted Witting Clinical Hospital in Bucharest. Hackers took control of the healthcare provider’s servers, encrypted the […]
- 740 Ransomware Victims Listed On Data Leak Sites in Q2 2021, New Report ShowsA new report from Digital Shadow highlights the worrying information that the number of ransomware victims named on data […]
- Kaseya Gets Universal Decryptor for REvil RansomwareThe decryptor vendor will work closely with customers affected by this July’s outbreak of ransomware attacks to help recover […]
- Possibly the Highest Ransomware Payment Ever: CNA reportedly paid $40 million to hackersOne of the biggest US insurance companies, CNA, paid a ransom worth $40 million to attackers after a massive […]
