"Evasive KmsdBot Cryptominer/DDoS Bot Targets Gaming, Enterprises"

Researchers have discovered evasive malware that uses a key Internet-facing protocol to gain access to enterprise systems in order to mine cryptocurrency, launch Distributed Denial-of-Service (DDoS) attacks, and gain a foothold on corporate networks. The botnet, dubbed KmsdBot by Akamai Security Research, infects systems via a Secure Shell Protocol (SSH) connection with weak login credentials. SSH is a remote administration protocol that enables users to connect to, control, and modify remote servers via the Internet. According to Larry Cashdollar, principal security intelligence response engineer at Akamai, the botnet poses the greatest risk to enterprises that have deployed cloud infrastructure or corporate networks that are exposed to the Internet. KmsdBot, which is written in Golang as an evasive measure, was observed by the researchers targeting an "erratic" range of victims, including gaming and technology companies, as well as luxury car manufacturers. Golang is a programming language that is appealing to threat actors because it is difficult to reverse engineer. Furthermore, once it has infected a system, the botnet does not maintain persistence, allowing it to avoid detection even further. The researchers discovered KmsdBot when it turned up on an unusually open honeypot set up in the hopes of luring attackers. The first victim of the new malware they discovered was an Akamai client, FiveM, a gaming company that provides custom private servers for Grand Theft Auto online. Threat actors launched the attack by opening a User Datagram Protocol (UDP) socket and constructing a packet with a FiveM session token. This article continues to discuss researchers' findings and observations surrounding KmsdBot.

Dark Reading reports "Evasive KmsdBot Cryptominer/DDoS Bot Targets Gaming, Enterprises"

Submitted by Anonymous on