Kaspersky’s Global Emergency Response Team has just published a report on NKAbuse, a malware that uses NKN technology, a blockchain-powered peer-to-peer networking protocol and ecosystem. The malware uses the Go programming language, which is popular in the world of malware and cyberattacks.
Kaspersky said NKAbuse currently targets computers running the Linux operating system, but because it can infect MISP and ARM systems, it could also pose a threat to IoT devices. NKAbuse is using 60,000 official NKN nodes to carry out DDoS attacks and connect to a C2 server.
New malware is evolving with never-before-seen attack methods
The report says NKAbuse contains a large amount of resources to carry out DDoS attacks, but it can also turn into a backdoor or remote access trojan (RAT). Kaspersky says the use of blockchain technology helps ensure trust and anonymity, suggesting the botnet has the potential to expand steadily over time, making it difficult to detect the central controller.
So far, NKAbuse has been found to infect devices in Colombia, Mexico, and Vietnam through distribution by an individual exploiting the vulnerability, which was determined because the malware does not have self-propagating functionality. Kaspersky has also collected evidence of an attack exploiting CVE-2017-5638 against a financial company.
NKAbuse can cause widespread harm to businesses and organizations, including breaches, data theft, remote control, system manipulation, and DDoS attacks. The use of blockchain technology also suggests that NKAbuse may have the potential to expand over time and be integrated into a botnet.
Source link
Comment (0)