Researchers take down KmsdBot malware

Share post:

Akamai reported that during ongoing research on the KmsdBot, a syntax error caused the bot to stop sending commands, effectively killing the botnet, resulting in the end of the cryptomining botnet that was also used for distributed denial-of-service (DDoS) attacks.

Akamai researchers previously published a blog post about the KmsdBot, a cryptomining botnet with command-and-control capabilities that infected victims through SSH and weak credentials. After infecting one of Akamai’s honeypots, the Akamai team analyzed and reported on KmsdBot.

The KmsdBot infects new systems via SSH connections that use weak or default login credentials. It targets Windows and Linux devices with a wide range of architectures. KmsdBot, a Golang-based virus, has been discovered attacking a variety of businesses, including gambling, luxury vehicle brands, and security agencies. The botnet, according to researchers, infects systems via an SSH connection that uses weak login credentials. To avoid detection, the malware does not remain persistent on the infected system.

The malware gets its name from an application called “kmsd.exe” that is downloaded from a remote server after a successful penetration. It is also designed to support a wide range of architectures, including Winx86, Arm64, MIPS, and x86 64.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Microsoft Ends Support for Office 365 Apps on Windows 10: Hashtag Trending for Friday, January 17, 2025

Microsoft announces they won’t support  Office 365 on Windows 10, D-Wave achieves a quantum computing milestone, TikTok prepares...

Hackers Mount High Speed Microsoft 365 Attack: Cyber Security Today – January 17, 2025

Hackers exploit a high-speed Go library to target Microsoft 365 accounts worldwide, North Korea’s Lazarus group lures developers...

North Korean Job Scam Targeting IT Job Seekers

North Korea’s Lazarus advanced persistent threat (APT) group has launched a sophisticated campaign, “Operation 99,” targeting freelance software...

Hackers Exploit FastHTTP in High-Speed Microsoft 365 Attacks

Threat actors are employing the FastHTTP Go library to launch high-speed brute-force password attacks on Microsoft 365 accounts...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways