This devious Linux malware is targeting supercomputers
Use SSH through two-factor authentication to mitigate the threat
Security researchers have identified a new malware that, interestingly, targets supercomputing clusters.
Dubbed Kobalos by the researchers at security firm ESET, the malware targets multiple operating systems including Linux, FreeBSD and Solaris, and perhaps even AIX and Windows.
“This is not your typical Linux malware. This one is more sophisticated, and its unique control flow obfuscation makes the analysis more tedious,” wrote the researchers on Twitter while sharing their analysis.
Small and mischievous
In their detailed analysis of Kobalos, the researchers note that one of the things that makes this malware unique is that it also bundles the code for running a Command & Control (C&C) server. This means that any compromised server can be turned into a C&C server by the attackers with just a single command.
The researchers worked with security experts at CERN, the European Organization for Nuclear Research and other organizations that are involved in mitigating attacks on scientific networks.
Upon reverse engineering the malware, the researchers identified a way to detect compromised systems remotely. They used this knowledge to scan the Internet for potential victims and discovered several high-profile targets, including high performance computing clusters, servers in academia in Europe, an endpoint security vendor, several personal and government servers in North America, and a large ISP in Asia.
Tip of the iceberg
Worryingly, the researchers note that Kobalos includes broad commands that conceal the true intent of the attackers.
In most systems compromised by Kobalos, the secure shell (SSH) client is compromised to steal credentials, but that seemed like a small target for such a sophisticated piece of malware.
“This was an intriguing and challenging piece of malware to analyze,” admitted ESET’s Senior Malware Researcher Marc-Etienne Léveillé on Twitter, adding that given the versatility of the malware “we may be seeing only the tip of the iceberg…”
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.