A tiny yet complex backdoor steals access credentials of high-performance computer networks.
Eset researchers discovered the Kobalos malware in recent months. It’s a backdoor that has been targeting supercomputers used in academia or scientific enterprises. Once initial access has been granted, it opens the door for other attacks like credential theft, data extraction, and even cryptocurrency mining.
“Kobalos malware contains generic commands to read from and write to the file system and spawn a terminal to execute arbitrary commands, […] Unfortunately, it doesn’t contain any specific payload that could indicate the intentions of its authors. The operators likely open a shell through the terminal and perform whatever commands they need to.”Eset researchers
The name originates from Greek mythology, where kobaloi were Dionysus companions, a group of mischievous creatures fond of tricking and frightening mortals. Eset researchers picked this name for the many “tricks” that are packed in this tiny malware.
The Kabalos malware is Multiplatform, which means that it can run on multiple operating systems, from Linux, BSD Solaris, and even Windows operating systems. It was found to infect high-performance computing clusters, a large Asian ISP, a US endpoint security vendor, and a number of personal servers.
“There are multiple ways for the operators to reach a Kobalos-infected machine,” according to ESET. “The method we’ve seen the most is where Kobalos is embedded in the OpenSSH server executable (sshd) and will trigger the backdoor code if the connection is coming from a specific TCP source port.”
Check the source.
- H0lyGh0st Ransomware After Small and Midsize BusinessesMicrosoft has linked H0lyGh0st, a cyberthreat that emerged in June 2021 and targets small-to-midsized businesses, to North Korean state-sponsored […]
- Popular NFT Marketplace Ravaged by $540M Phishing SchemeIn March, a North Korean APT netted $540 million thanks to a massive phishing operation carried out on the […]
- Massive $59M Facebook Phishing Campaign Steals Nearly 400M CredentialsThreat actors have managed to net a staggering $59 million and steal hundreds of millions of credentials in a […]
- Human Error is a Top Security Risk in 2022, New Report ShowsA new report from Verizon warns about the human error as being one of the most frequent causes of […]
- Paying The Ransom – An Open Invitation For A Second Attack, 2022 Report WarnsWhether the unlucky victim of a ransomware attack ends up paying the ransom or not, they are still susceptible […]