Saturday, June 12, 2021

Kobalos malware is targeting supercomputers worldwide

Must Read

An error of coding results attacker will delete a live video of Facebook

Facebook has solved the problem of Programming errors on live video services that allow attackers to successfully remove video...

Microsoft releases tool for Exchange Server hacks

Microsoft has released a one-click mitigation tool as a stop-gap for IT admins who still need to apply security...

NTT develops secure authentication method for Datacenters with Fath Mechatronics, peaq

NTT Global Data Centers EMEA has awakened with Fath Mechatronics and peaq to make a new sort of access...

A small but complex variation of malware is targeted at significant computer users worldwide.

Reverse engineered by ESET and described in a blog post on Tuesday, the malware was traced in attacks on significant users using a large Asian Internet Service Provider (ISP), a US security vendor, and many privately-held servers, among other purposes.

The cybersecurity team has called malware Kobalos in honor of kobalos, and a small Greek mythology creature believed to cause corruption.

Kobalos is rare for many reasons. The malware codebase is small but complex enough to affect the operating systems of Linux, BSD, and Solaris. ESET suspects it may be linked to attacks on AIX devices and Microsoft Windows, too.

“It should be noted that this level of technology is rarely seen in Linux malware,” notes cybersecurity researcher Marc-Etienne Léveillé.

While working with the CERN Computer Security Team, ESET noticed that the “unique, multiplatform” malware targeted high-level computer (HPC) clusters.

In some cases of infection, it appears that the ‘sidekick’ malware hijacks SSH server connections to steal the credentials used to gain access to HPC clusters and deploy Kabobos.

“The presence of this thief can in part answer to how Kabalos spreads,” the group said.

Koobos is the back door. Once the malware has reached the main computer, the code hides in a useful OpenSSH server and will create a back door if the call is made through a specific TCP source port.

Alternatives serve as intermediaries for traditional command-and-control (C2) server connections.

Kabobos gives its operators remote access to file systems, allows them to reproduce final sessions, and acts as a connection point for other malware-infected servers.

ESET claims that the unique feature of Kabelos is its ability to convert any damaged server into C2 in a single command.

“As C2 server IP addresses and ports are encoded in the executable, operators can then produce new Kobalos samples using this new C2 server,” the researchers noted.

The malware was a challenge to process as all of its code was traced to “one self-proclaimed” retaliatory function, “ESET said, adding that all cables were encrypted as an additional obstacle to engineering.

From now on, more research needs to be done on malware – and who can be responsible for its development.

“We have not been able to determine the motives of the workers in Kabalos,” ESET said. “No other malware, other than stolen SSH, has been detected by sophisticated system administrators.

We hope that the information we present today in our new book will help raise awareness of this threat and put its work under a microscope.”

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


Please enter your comment!
Please enter your name here

Latest News

An error of coding results attacker will delete a live video of Facebook

Facebook has solved the problem of Programming errors on live video services that allow attackers to successfully remove video...

What is a Cyber Attack or Virtual Attack

Firstly We Wil Discuss About Cyberattack or we will also say virtual attack. A Cyberattack is a type of attack that will be done...

Firefox 88 start disabling FTP with removal set for Firefox 90

Firefox 88 update has disabled File Transfer Protocol (FTP) support completely from the browser. The handling of clicking on FTP links from within Firefox...

Google Project Zero giving The 30-day grace period for user patch adoption

Google Project Zero will be shifting from a fairly hard 90-day deadline to a new model that incorporates a new 30-day grace period to...

Parking app ParkMobile experiences data breach of 21M Users

The popular mobile app that drivers use to pay and find available public parking in Pittsburgh and in other cities experienced a data breach...

More Articles Like This