A New Linux Malware Targeting High-Performance Computing Clusters
2021-02-04 20:43

High-performance computing clusters belonging to university networks as well as servers associated with government agencies, endpoint security vendors, and internet service providers have been targeted by a newly discovered backdoor that gives attackers the ability to execute arbitrary commands on the systems remotely.

Cybersecurity firm ESET named the malware "Kobalos" - a nod to a "mischievous creature" of the same name from Greek mythology - for its "tiny code size and many tricks."

Besides tracing the malware back to attacks against a number of high-profile targets, ESET said the malware is capable of taking aim at Linux, FreeBSD, Solaris, and possibly AIX and Windows machines, with code references hinting at Windows 3.11 and Windows 95 legacy operating systems.

The initial compromise vector used to deploy the malware and the ultimate objective of the threat actor remain unclear, but the presence of a trojanized OpenSSH client on one of the compromised systems suggests that "credential stealing could be one of the ways Kobalos propagates."

Infected machines can be used as proxies that connect to other compromised servers. The operators can then use such a machine to create new Kobalos samples that use it as their C&C server, building a proxy chain of multiple infected servers to reach their targets.

"The numerous well-implemented features and the network evasion techniques show the attackers behind Kobalos are much more knowledgeable than the typical malware author targeting Linux and other non-Windows systems," the researchers said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/WWLP9j1y4ec/a-new-linux-malware-targeting-high.html
