New KmsdBot malware hacking systems to mine crypto and launch DDoS attacks

Recently discovered evasive malware exploits the Secure Shell (SSH) cryptographic protocol to penetrate targeted systems with the aim of mining cryptocurrency and carrying out Distributed Denial of Service (DDoS) attacks.

Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware was found targeting a variety of companies, ranging from gaming companies to luxury car brands to security firms.

“The botnet infects systems over an SSH connection that uses weak login credentials,” said Akamai researcher Larry W. Cashdollar. “The malware does not remain persistent on the infected system in order to evade detection.”

The malware gets its name from an executable named “kmsd.exe”, which is downloaded from a remote server after a successful compromise. It is also designed to support multiple architectures, such as Winx86, Arm64, mips64, and x86_64.

KmsdBot comes with capabilities to perform scanning operations and spread itself by uploading a list of username and password combinations. It is also equipped to control the mining process and update the malware.
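As an added example (not from the article or from Akamai's report): a small Python check that, run over constructed sshd auth log lines, flags password logins preceded by repeated failures from the same source, which is the trace a weak-credential SSH compromise of the kind described above leaves in standard OpenSSH syslog output. The log lines, hostnames and addresses are assumptions constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not taken from the article). The pattern of
# repeated failed passwords followed by a success from the same source is what a
# credential-guessing SSH infection leaves behind in /var/log/auth.log.
SAMPLE_AUTH_LOG = """\
Nov 10 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 51822 ssh2
Nov 10 03:12:03 host sshd[2101]: Failed password for root from 203.0.113.7 port 51822 ssh2
Nov 10 03:12:05 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51830 ssh2
Nov 10 03:12:07 host sshd[2105]: Failed password for root from 203.0.113.7 port 51840 ssh2
Nov 10 03:12:09 host sshd[2107]: Accepted password for root from 203.0.113.7 port 51850 ssh2
Nov 10 03:15:00 host sshd[2200]: Accepted publickey for deploy from 198.51.100.4 port 40010 ssh2
Nov 10 03:16:00 host sshd[2210]: Failed password for root from 192.0.2.9 port 33000 ssh2
"""

# Standard OpenSSH message formats; "invalid user" appears when the name does not exist.
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"Accepted password for (\S+) from (\S+) port")


def find_guessed_logins(log_text, threshold=3):
    """Return (source_ip, user, prior_failures) for each password login that was
    preceded by at least `threshold` failed password attempts from the same source.
    Public-key logins are ignored: credential guessing only succeeds with passwords."""
    failures = defaultdict(int)
    hits = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            user, src = m.group(1), m.group(2)
            if failures[src] >= threshold:
                hits.append((src, user, failures[src]))
            failures[src] = 0  # a success ends the guessing run; count per run
    return hits


if __name__ == "__main__":
    for src, user, n in find_guessed_logins(SAMPLE_AUTH_LOG):
        print(f"likely credential guessing: {src} logged in as {user} after {n} failures")
```

Because the malware does not persist, this log evidence (and the follow-on download of the payload) may be the only durable trace of the compromise on the host.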

Akamai said the first observed target of the malware was a gaming company named FiveM, a multiplayer mod for Grand Theft Auto V that lets players access custom role-playing game servers.

DDoS attacks observed by the web infrastructure company include Layer 4 and Layer 7 attacks, in which a flood of TCP, UDP, or HTTP GET requests is sent to overwhelm a target server’s resources and hinder its ability to process and respond.

“This botnet is a great example of the complexity of security and how it’s evolved,” Cashdollar said. “What seems to have started as a bot for a gaming app has turned into an attack on big luxury brands.”

The findings come as vulnerable software is increasingly being exploited to deploy cryptocurrency miners, rising from 12% in the first quarter of 2022 to 17% in the third quarter, according to Kaspersky telemetry data. Nearly half (48%) of the analyzed mining malware samples covertly mine Monero (XMR).

“Interestingly, the most targeted country in the third quarter of 2022 was Ethiopia (2.38%), where it is illegal to use and mine cryptocurrencies,” the Russian company said. “Kazakhstan (2.13%) and Uzbekistan (2.01%) follow in second and third place.”