A newly discovered evasive malware strain uses the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems, with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks.
Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to luxury car brands to security firms.
“The botnet infects systems via an SSH connection that uses weak login credentials,” Akamai researcher Larry W. Cashdollar said. “The malware does not stay persistent on the infected system as a way of evading detection.”
The malware gets its name from an executable named “kmsd.exe” that’s downloaded from a remote server following a successful compromise. It’s also designed to support multiple architectures, such as Winx86, Arm64, mips64, and x86_64.
KmsdBot comes with capabilities to perform scanning operations and propagate itself by downloading a list of username and password combinations. It’s also equipped to control the mining process and update the malware.
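For defenders, infection over SSH with weak credentials taken from a downloaded username and password list leaves a recognizable trail in authentication logs: a run of failed password attempts from one source, followed by an accepted password login. The Python sketch below is an added example, not code from Akamai's report or the original article; it assumes the default OpenSSH syslog message format, the threshold is an arbitrary choice, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample sshd auth log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Nov 14 03:12:01 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Nov 14 03:12:02 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Nov 14 03:12:04 web1 sshd[2215]: Failed password for invalid user ubuntu from 203.0.113.7 port 40141 ssh2
Nov 14 03:12:05 web1 sshd[2217]: Failed password for root from 203.0.113.7 port 40150 ssh2
Nov 14 03:12:07 web1 sshd[2219]: Accepted password for root from 203.0.113.7 port 40163 ssh2
Nov 14 08:30:11 web1 sshd[3001]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Nov 14 08:30:19 web1 sshd[3003]: Accepted password for alice from 198.51.100.4 port 51002 ssh2
Nov 14 09:00:00 web1 sshd[3100]: Accepted publickey for deploy from 192.0.2.10 port 52000 ssh2
"""

# Assumed format: default OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>".
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guessed_logins(log_text, min_failures=3):
    """Return alerts for password logins that follow repeated failures from one source."""
    failures = defaultdict(list)  # source IP -> usernames tried unsuccessfully
    alerts = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m or m["method"] != "password":
            continue  # key-based logins cannot be guessed from a password list
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip].append(user)
        elif len(failures[ip]) >= min_failures:
            alerts.append({"ip": ip, "user": user,
                           "failed_attempts": len(failures[ip]),
                           "users_tried": sorted(set(failures[ip]))})
            failures[ip].clear()
        else:
            failures[ip].clear()  # a normal login after a typo resets the counter
    return alerts

if __name__ == "__main__":
    for alert in find_guessed_logins(SAMPLE_LOG):
        print(alert)
```

An alert here means a password was guessed, so the account's credentials should be rotated and the host reviewed; disabling password authentication for SSH in favor of keys removes this entry path altogether.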