The Kobalos Malware steals passwords from Supercomputers

A tiny yet complex backdoor steals access credentials of high-performance computer networks.

Eset researchers discovered the Kobalos malware in recent months. It’s a backdoor that has been targeting supercomputers used in academia or scientific enterprises. Once initial access has been granted, it opens the door for other attacks like credential theft, data extraction, and even cryptocurrency mining.

“Kobalos malware contains generic commands to read from and write to the file system and spawn a terminal to execute arbitrary commands, […] Unfortunately, it doesn’t contain any specific payload that could indicate the intentions of its authors. The operators likely open a shell through the terminal and perform whatever commands they need to.”

Eset researchers

The name originates from Greek mythology, where kobaloi were Dionysus companions, a group of mischievous creatures fond of tricking and frightening mortals. Eset researchers picked this name for the many “tricks” that are packed in this tiny malware.

The Kabalos malware is Multiplatform, which means that it can run on multiple operating systems, from Linux, BSD Solaris, and even Windows operating systems. It was found to infect high-performance computing clusters, a large Asian ISP, a US endpoint security vendor, and a number of personal servers.

“There are multiple ways for the operators to reach a Kobalos-infected machine,” according to ESET. “The method we’ve seen the most is where Kobalos is embedded in the OpenSSH server executable (sshd) and will trigger the backdoor code if the connection is coming from a specific TCP source port.”

Check the source.

Read More

• Most Companies Aren’t Ready For The Greatest Cyber Threat Of 2021 – Ransomware
  One would think that ransomware, currently the most significant cyber threat out there, keeps all organizations on edge and […]
• Patch These 5 Vulnerabilities Now To Protect Your Company From Ransomware Attacks
  Hackers are actively exploiting years-old security vulnerabilities to launch ransomware attacks because organizations skip on patching them. Some of […]
• Fileless And Encrypted Malware Saw Massive Growth in Q2 2021
  A new report analyzing malware trends in the second quarter of 2021 shows that cyber threats are becoming stealthier, […]
• Massive Phishing Attack Hits At Least 6,000 Coinbase Users
  Crypto exchange Coinbase confirmed that funds were stolen from at least 6,000 accounts in a vast phishing attack this […]
• The 3 Top Ransomware Threats Might Surprise You
  No, it’s not Revil, Ragnar Locker, BlackMatter, or Conti to make it to the top three ransomware threats responsible […]