Friday, September 24, 2021

Kobalos malware is targeting supercomputers worldwide


A small but complex piece of malware is being used against high performance computing (HPC) clusters and other large, high-profile systems worldwide.

Reverse engineered by ESET and described in a blog post on Tuesday, the malware was found in attacks on high-profile targets including a large Asian Internet Service Provider (ISP), a US-based security vendor, and a number of privately held servers.

The ESET researchers named the malware Kobalos after the kobalos, a small, mischievous creature of Greek mythology.

Kobalos is unusual for several reasons. Its codebase is small, yet it is portable enough to run on Linux, BSD and Solaris, and ESET suspects there may also be variants for AIX and Microsoft Windows.

“It should be noted that this level of sophistication is rarely seen in Linux malware,” notes ESET researcher Marc-Etienne Léveillé.

Working with the CERN Computer Security Team, ESET found that the “unique, multiplatform” malware was being used against high performance computing (HPC) clusters.

On some infected systems, a companion SSH credential stealer, a trojanized OpenSSH client, was found alongside Kobalos. It captures the credentials used to log into HPC clusters, which the operators can then reuse to reach new hosts and deploy Kobalos.

“The presence of this credential stealer may partially answer how Kobalos propagates,” the researchers said.

Kobalos itself is a backdoor. Once on a host, the most common variant embeds its code in the legitimate OpenSSH server binary (sshd) and activates the backdoor only when a connection arrives from a specific TCP source port.
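Because ordinary SSH clients get a random ephemeral source port for every connection, the one observable that a source-port-triggered backdoor cannot hide is a single client port recurring across unrelated client addresses. The following script, an added example written for this page and not code from ESET or from the article, hunts for that pattern in flow records. The page does not state which source port Kobalos uses, so the script learns suspicious ports from the data rather than matching a constant; the four-column flow format and the sample records are constructed for the example.

```python
"""Hunt for a fixed TCP source port on inbound SSH connections.

Added example, not code from ESET's report or the article. A backdoor that
activates on a specific client source port leaves a statistical trace: the
same source port showing up again and again, from different client IPs, on
the SSH service. Normal clients pick a random ephemeral port per session.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample flow records (not real traffic), one TCP session per line:
# "src_ip src_port dst_ip dst_port". Source port 33333 recurs on port 22 from
# four unrelated client addresses; the same port on 443 is deliberately ignored.
SAMPLE_FLOWS = """\
203.0.113.10 51422 10.0.0.5 22
203.0.113.11 40987 10.0.0.5 22
198.51.100.7 33333 10.0.0.5 22
203.0.113.12 55112 10.0.0.5 22
198.51.100.8 33333 10.0.0.5 22
192.0.2.9 33333 10.0.0.6 22
203.0.113.13 61001 10.0.0.6 22
192.0.2.20 33333 10.0.0.5 22
203.0.113.14 33333 10.0.0.5 443
"""

Flow = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)


def parse_flows(text: str) -> List[Flow]:
    """Parse whitespace-separated flow lines; blank or malformed lines are skipped."""
    flows: List[Flow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            flows.append((parts[0], int(parts[1]), parts[2], int(parts[3])))
        except ValueError:
            continue
    return flows


def source_port_clients(flows: List[Flow], ssh_port: int = 22) -> Dict[int, Set[str]]:
    """Map each client source port seen on inbound SSH to the client IPs that used it."""
    by_port: Dict[int, Set[str]] = defaultdict(set)
    for src_ip, src_port, _dst_ip, dst_port in flows:
        if dst_port == ssh_port:
            by_port[src_port].add(src_ip)
    return by_port


def suspicious_source_ports(
    flows: List[Flow], ssh_port: int = 22, min_clients: int = 3
) -> Dict[int, List[str]]:
    """Return SSH source ports reused by at least `min_clients` distinct client IPs.

    Random ephemeral ports rarely collide across a handful of clients, so a port
    shared by several unrelated addresses is worth pulling the sessions for.
    """
    return {
        port: sorted(ips)
        for port, ips in source_port_clients(flows, ssh_port).items()
        if len(ips) >= min_clients
    }


if __name__ == "__main__":
    for port, ips in suspicious_source_ports(parse_flows(SAMPLE_FLOWS)).items():
        print(f"source port {port} used by {len(ips)} distinct clients: {', '.join(ips)}")
```

Feed it connection-level data (NetFlow, Zeek conn.log) rather than sshd authentication logs: a connection that hits the backdoor path inside sshd may never produce a normal "Accepted"/"Failed" entry, while the TCP session itself is still visible on the wire. Expect some noise from NAT gateways or load balancers that preserve client ports, and treat any hit as a reason to verify the sshd binary against its package manifest rather than as proof on its own.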

Other, less common variants do not embed in sshd; they run as standalone backdoors or connect out to a conventional command-and-control (C2) server that acts as an intermediary.

Kobalos gives its operators remote access to the file system, lets them spawn terminal sessions, and can proxy connections to other Kobalos-infected servers.

A distinctive feature, ESET says, is that any compromised server can be turned into a C2 server with a single command.

“As C2 server IP addresses and ports are encoded in the executable, operators can then produce new Kobalos samples using this new C2 server,” the researchers noted.

The malware was difficult to analyze because all of its code is packed into a single function that calls itself recursively, ESET said, and all of its strings are encrypted, which further hinders reverse engineering.

For now, more research is needed on the malware and on who is responsible for developing it.

“We have not been able to determine the motives of the operators of Kobalos,” ESET said. “No other malware, apart from the SSH credential stealer, has been found by the system administrators of the compromised systems. We hope that the information we present today in our new paper will help raise awareness of this threat and put its operations under the microscope.”

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc', Priyanshu Vijayvargiya is a cybersecurity analyst, information security professional, developer, and white hat hacker.

