Linux Malware, Kobalos, Targets Supercomputers Worldwide
Named after a small creature from Greek mythology, Kobalos is a newly discovered malware that has been targeting supercomputers worldwide. Reverse engineered by ESET researchers, Kobalos is a previously unknown, complex, multiplatform malware that has been targeting Linux, FreeBSD and Solaris systems. Its victims have proven to be mostly high-profile organizations, lending credence to the belief that the malware is deployed against chosen targets rather than ones picked at random or through a “casting a wide net” approach.
Once deployed, the malware gives access to the file system of the compromised host and enables access to a remote terminal, giving the attackers the ability to run arbitrary commands. But it’s the network capabilities that really differentiate Kobalos from other malware: it supports acting both as a passive implant and as a bot actively connecting to its C&C server. Interestingly, these C&C servers are themselves compromised with Kobalos; the code for running such servers is present in all Kobalos samples.
While it is unclear how old this malware is, it was first discovered in late 2019 by one of its victims. The group behind Kobalos has been active throughout 2020.