Recently, a new piece of evasive malware has been discovered that is able to gain entry into enterprise systems in order to mine cryptocurrency by exploiting a key internet-facing protocol.
Researchers have discovered that the malware is capable of launching DDoS attacks, gaining a foothold on corporate networks, and launching attacks.
To maintain Akamai’s long-term security and stability, the Security Intelligence Response Team (SIRT) tracks, detects, documents, and publishes new developments.
Based on a comparison of the redress source outputs for the client binary and the ksmdm binary, it appears that they’re most likely the same thing, with slight differences in the code.
Redress is a free and open-source program that allows users to rebuild structures in Go binaries to facilitate reverse engineering in the Go programming language.
The fact that Golang is considered to be a critical tool which is undeniable because we are seeing an increasing number of attackers utilizing it for their malicious purposes.
According to the Akamai report, this might be due to the fact that it has become almost impossible to reverse-engineer this language as a result of the way it is implemented.
A honeypot that was dangled in an unusually open way by KmsdBot in an attempt to lure attackers was detected by the researchers as a result of the detection.
This new malware infects computers that host custom private servers for popular game titles like Grand Theft Auto Online. While it was detected by FiveM, which hosts custom private servers for Grand Theft Auto Online.
During the attack, attackers opened a UDP socket using a FiveM session token and constructed a packet using the datagram protocol (UDP).
In addition to these attacks, the researchers also noticed that the bot was also involved in a range of other attacks that were less specifically targeted.
A recent study by researchers has concluded that KmsdBot malware is rapidly spreading because it is supported by a multitude of architectures, including:
While the command-and-control infrastructure of the program communicates with the system using TCP.
Based on the output of the sym.main.randomwallet() function, there may be one or more crypto wallet user accounts.
In order to contribute to various mining pools, it is possible that these individuals are selected at random from a pool of thousands of individuals.
Cryptomining activity was not observed by the experts during the period of time they observed the botnet. At the time of the research, the experts came to know that only DDoS attacks were being perpetrated by the botnet.
Cryptomining activity can be launched by the bot since it is capable of doing so. Despite this, it was found that there is a command ./ksmdr -o pool.hashvault.pro in which ksmdr is actually the renamed version of the xmrig binary.
A botnet such as this provides a great example of how complex security threat has become and how much it has evolved over the years.
A bot that was created as part of an app for a game app seems to have evolved into a malicious program that is attacking large luxury brands.
One of the most notable features of this threat is how it spreads, and not only that even it uses a weak SSH connection to gain access to the system.
In light of these problems, the experts have developed some mitigation measures to keep the security of the organization’s system and network intact. And here we have mentioned them below:-
Managed DDoS Attack Protection for Applications – Download Free Guide
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…