Kaspersky's global emergency response team has just released a report on NKAbuse, malware that uses NKN technology, a peer-to-peer networking ecosystem and protocol supported by blockchain. This malware uses the Go programming language, which is popular in the world of malware and cyberattacks.
Kaspersky stated that NKAbuse currently targets computers running Linux, but due to its ability to infect MISP and ARM systems, it could also pose a threat to IoT devices. NKAbuse is using 60,000 official NKN nodes to carry out distributed denial-of-service (DDoS) attacks and link to C2 servers.
New malware is developing attack methods never seen before.
The report states that NKAbuse contains a large resource for carrying out DDoS attacks, but it could also be transformed into a backdoor or remote access trojan (RAT). Kaspersky says the use of blockchain technology helps ensure reliability and anonymity, suggesting the potential for this botnet to expand steadily over time, making it very difficult to detect the central controller.
To date, NKAbuse has been detected infecting devices in Colombia, Mexico, and Vietnam through distribution by an individual exploiting the vulnerability, which is determined by the fact that the malware does not have self-replicating capabilities. Kaspersky has also gathered evidence of an attack exploiting the CVE-2017-5638 vulnerability targeting a financial company.
NKAbuse can harm businesses and organizations on a wide scale, including data breaches, theft, remote control, system manipulation, and DDoS attacks. The use of blockchain technology also suggests that NKAbuse has the potential to scale over time and can be integrated into botnets.
Source link
Comment (0)