ESET discovers Linux malware stealing data from infected OpenSSH client

ESET security researchers have found new malware that specifically targets Linux. It is targeted malware that opens a back door by stealing credentials via an infected OpenSSH download.

Security company ESET calls the malware Kobalos. It reportedly affects Linux distributions, BSD and Solaris, among others. The company speculates that the malware could potentially run on Windows as well, but it has no evidence for that. The company found victims of the malware all over the world. The affected systems are supercomputers and servers, mostly at academic and research institutions, but it is not clear what the attackers were looking for.

The researchers call the malware advanced. It reportedly has many ways to hide itself on a system and evade detection, and there are multiple ways to contact it. One of those ways is to open a TCP port, over which an encrypted connection is established. A key is generated locally for this, which the discoverers find striking because the malware is very small.

It is unclear what exactly the malware is trying to achieve. Once the malware is on a system, an OpenSSH client is installed that steals users' credentials, which the attackers can then use to run commands on the system. It is striking that the researchers saw references to old code that applied to Windows 95. That does not necessarily mean that the malware is that old; parts of older malware may have been reused here and there.
