
Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET
2021-02-03 12:30

How it gets onto servers is unclear, though systems infected by Kobalos have their SSH client tampered with to steal usernames and passwords, and presumably server addresses, that are typed into it.

These details could be used by the malware's masterminds to log into those systems to propagate their malware.

The malware can also connect to a command-and-control server that links the software to its masterminds.

According to ESET, a large Asian ISP, a North American endpoint security vendor, a European marketing agency, university networks, people's personal servers, and other kit were found to be hit by the malware, as well as supercomputer clusters.

What's in a name? Léveillé and Sanmillan said: "We have named this malware Kobalos for its tiny code size and many tricks; in Greek mythology, a kobalos is a small, mischievous creature."

Last year Microsoft declared its support for hunting down in-memory malware targeting Linux servers, while China's APT41 was revealed to have spent five years poking around various Linux boxen.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/02/03/kobalos_malware/
