A tiny yet complex backdoor steals access credentials of high-performance computer networks.
Eset researchers discovered the Kobalos malware in recent months. It’s a backdoor that has been targeting supercomputers used in academia or scientific enterprises. Once initial access has been granted, it opens the door for other attacks like credential theft, data extraction, and even cryptocurrency mining.
“Kobalos malware contains generic commands to read from and write to the file system and spawn a terminal to execute arbitrary commands, […] Unfortunately, it doesn’t contain any specific payload that could indicate the intentions of its authors. The operators likely open a shell through the terminal and perform whatever commands they need to.”Eset researchers
The name originates from Greek mythology, where kobaloi were Dionysus companions, a group of mischievous creatures fond of tricking and frightening mortals. Eset researchers picked this name for the many “tricks” that are packed in this tiny malware.
The Kabalos malware is Multiplatform, which means that it can run on multiple operating systems, from Linux, BSD Solaris, and even Windows operating systems. It was found to infect high-performance computing clusters, a large Asian ISP, a US endpoint security vendor, and a number of personal servers.
“There are multiple ways for the operators to reach a Kobalos-infected machine,” according to ESET. “The method we’ve seen the most is where Kobalos is embedded in the OpenSSH server executable (sshd) and will trigger the backdoor code if the connection is coming from a specific TCP source port.”
Check the source.
- Fresh COVID-19 Phish: Cybercrooks Impersonate Pfizer In Request For Quotation ScamBad guys exploiting the COVID-19 pandemic is nothing new under the sun. However, the newest highly-targeted phishing campaign impersonating […]
- Ransomware Attack Hits McMenamins; 2,700 Employee Records Potentially LeakedA recent attack targeted McMenamins, a popular family-run chain of hotels, restaurants, and breweries. The company is still experiencing […]
- The Number Of Double-Extortion Ransomware Victims Sees Massive 935% Increase In 2021A jaw-dropping three-digit spike in the number of companies hit with double-extortion ransomware attacks, most likely due to easy […]
- Cybercrooks Aiming To Take Over 1.6M WordPress Sites In Active AttackThreat actors are actively exploiting security flaws in four plugins and Epsilon themes to assign themselves administrative accounts and […]
- Cuba Ransomware Group Raked In $44M In Payouts, The FBI SaysThe Cuba ransomware gang is a wide range of tools and malware to launch and conduct attacks targeting organizations […]