Researchers take down KmsdBot malware

Share post:

Akamai reported that during ongoing research on the KmsdBot, a syntax error caused the bot to stop sending commands, effectively killing the botnet, resulting in the end of the cryptomining botnet that was also used for distributed denial-of-service (DDoS) attacks.

Akamai researchers previously published a blog post about the KmsdBot, a cryptomining botnet with command-and-control capabilities that infected victims through SSH and weak credentials. After infecting one of Akamai’s honeypots, the Akamai team analyzed and reported on KmsdBot.

The KmsdBot infects new systems via SSH connections that use weak or default login credentials. It targets Windows and Linux devices with a wide range of architectures. KmsdBot, a Golang-based virus, has been discovered attacking a variety of businesses, including gambling, luxury vehicle brands, and security agencies. The botnet, according to researchers, infects systems via an SSH connection that uses weak login credentials. To avoid detection, the malware does not remain persistent on the infected system.

The malware gets its name from an application called “kmsd.exe” that is downloaded from a remote server after a successful penetration. It is also designed to support a wide range of architectures, including Winx86, Arm64, MIPS, and x86 64.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs



Related articles

Stack Overflow moderators strike over limited authority to remove AI-generated content

Stack Overflow’s moderators are on strike over a new policy that limits their ability to remove AI-generated content....

EFF expresses concern over proposed United States Patent and Trademark Office’s rules

The Electronic Frontier Foundation (EFF), a digital rights advocate organization, has expressed its dissatisfaction with the United States...

Reddit communities to go private in protest of new API pricing

Reddit communities like r/videos, r/reactiongifs, r/earthporn, and r/lifeprotips, will be going private for 48 hours from June 12th...

Gartner debunks myths undermining cybersecurity success

Henrique Teixeira, Senior Director Analyst at Gartner, and Leigh McMullen, Distinguished VP Analyst at Gartner, highlighted and disproved...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways