A tiny yet complex backdoor steals access credentials of high-performance computer networks.
Eset researchers discovered the Kobalos malware in recent months. It’s a backdoor that has been targeting supercomputers used in academia or scientific enterprises. Once initial access has been granted, it opens the door for other attacks like credential theft, data extraction, and even cryptocurrency mining.
“Kobalos malware contains generic commands to read from and write to the file system and spawn a terminal to execute arbitrary commands, […] Unfortunately, it doesn’t contain any specific payload that could indicate the intentions of its authors. The operators likely open a shell through the terminal and perform whatever commands they need to.”
Eset researchers
The name originates from Greek mythology, where kobaloi were Dionysus companions, a group of mischievous creatures fond of tricking and frightening mortals. Eset researchers picked this name for the many “tricks” that are packed in this tiny malware.
The Kabalos malware is Multiplatform, which means that it can run on multiple operating systems, from Linux, BSD Solaris, and even Windows operating systems. It was found to infect high-performance computing clusters, a large Asian ISP, a US endpoint security vendor, and a number of personal servers.
“There are multiple ways for the operators to reach a Kobalos-infected machine,” according to ESET. “The method we’ve seen the most is where Kobalos is embedded in the OpenSSH server executable (sshd) and will trigger the backdoor code if the connection is coming from a specific TCP source port.”
Check the source.
Read More
- Massive $59M Facebook Phishing Campaign Steals Nearly 400M CredentialsThreat actors have managed to net a staggering $59 million and steal hundreds of millions of credentials in a […]
- Human Error is a Top Security Risk in 2022, New Report ShowsA new report from Verizon warns about the human error as being one of the most frequent causes of […]
- Paying The Ransom – An Open Invitation For A Second Attack, 2022 Report WarnsWhether the unlucky victim of a ransomware attack ends up paying the ransom or not, they are still susceptible […]
- FBI: Business Email Compromise – a $43B ScamA new FBI report warns of a staggering spike in hacking activities using the Business Email Compromise technique (BEC), […]
- NVIDIA Confirms Employee Credentials And Proprietary Data Stolen During CyberattackNVIDIA confirmed the Lapsus$ cyberattack and the data leak that followed, saying it first became aware of the security […]