Security News > 2023 > December > NKabuse backdoor harnesses blockchain brawn to hit several architectures

Dubbed "NKAbuse" by the researchers, the Go-based backdoor offers criminal attackers a range of possibilities, including being able to DDoS or fling remote access trojans, and leans on NKN for more anonymous yet reliable data exchange.

NKN is an open source protocol that lets users perform a peer-to-peer data exchange over a public blockchain - like a cross between a traditional blockchain and the Tor network.

Historically, network protocols like NKN have been used by cybercriminals to establish command and control infrastructure - a means to anonymize the malicious traffic sent between the malware and its operator.

NKAbuse apparently exploits an old Apache Struts 2 vulnerability and can target eight different architectures, although Linux appears to be the priority.

NKAbuse comes equipped with 12 different types of DDoS attack, all of which are associated with known botnets, Kaspersky says.

NKAbuse's RAT functionality is broad, with attackers being able to do things like take screenshots of the victim's desktop and send the converted PNG file back to the operator, in addition to running system commands, removing files, and fetching a file list from a specified directory, among other tasks.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/15/nkabuse_blockchain_backdoor_botnet/