KmsdBot Malware Infects Hosts to Mine Crypto

KmsdBot is a newly discovered malicious application that infects both Windows and Linux hosts.

The malware is written and compiled using the Golang language, which makes it cross-platform and able to infect both Windows and Linux machines.

KmsdBot works as a botnet, infecting host devices and then harnessing infected hardware to harvest cryptocurrency. A team with Akamai Security Research picked apart a sample of the malware and published a report of their findings.

The threat actor behind KmsdBot used the malware to target various sectors, including businesses working in car manufacturing and the gaming industry, as well as other technology companies.

The combination of a DDoS-style botnet and cryptominer is a relatively rare combo, which makes KmsdBot a bit of a unique threat.

KmsdBot uses SSH connections to gain initial access, abusing connections that use default or weak credentials.

The current iteration of the malware has the functionality to mine crypto, even though it's currently only used to launch DDoS. However, being still under active development, cryptomining capabilities can be expanded with relative ease.

November 18, 2022