Kaspersky Exposes NKAbuse: Multiplatform Malware Leveraging Blockchain Technology
Kaspersky’s Global Emergency Response Team (GERT) and Global Research and Analysis Team (GReAT) uncovered NKAbuse, a novel multiplatform malware. This advanced threat, developed in Go, uses peer-to-peer communication, functioning both as a flooder and a backdoor.
In a recent incident response, Kaspersky’s experts found a new malware that exploits NKN technology, a peer-to-peer, blockchain-oriented networking protocol, known for its decentralization and privacy. Kaspersky Security Network identified potential victims of the attack in Colombia, Mexico, and Vietnam.
NKAbuse is a hybrid implant that serves as both a backdoor/RAT and a flooder, making it a versatile dual-threat. In its backdoor/RAT role, NKAbuse provides attackers with unauthorized access to victims’ systems, enabling the attacker to covertly execute commands, steal data, and monitor activities. This feature is particularly valuable for espionage and data exfiltration. Simultaneously, as a flooder, it is capable of launching destructive DDoS attacks, overwhelming and disrupting targeted servers or networks, significantly impacting organizational operations.
The malware’s advanced features extend to capturing screenshots, managing files, retrieving system and network information, and executing system commands. All collected data is sent to its botmaster via the NKN network, using decentralized communications for stealth and efficiency.
NKAbuse's infiltration process begins by exploiting the old RCE vulnerability CVE-2017-5638, allowing attackers to take over the affected systems. After gaining control, the malware downloads an implant onto the victim's host. This implant is initially placed in a temporary directory for execution. NKAbuse then establishes persistence by creating a cron job and situates itself within the host’s home folder, ensuring its continuous operation within the system.
"The implant's use of the NKN protocol underlines its advanced communication strategy, enabling decentralized, anonymous operations and leveraging NKN's blockchain features for efficient, stealthy communication between infected nodes and C2 servers. This approach complicates detection and mitigation efforts. I would like to commend the Kaspersky GERT team for their exceptional effort in identifying this sophisticated threat," says Lisandro Ubiedo, Security Researcher at Kaspersky’s GReAT.
The choice of Go enables cross-platform compatibility, allowing NKAbuse to target various operating systems and architectures, including Linux desktops and IoT devices. This programming language enhances the implant's performance, particularly in networked applications, ensuring efficient and concurrent processing. Moreover, Go's ability to produce self-contained binaries simplifies deployment and enhances robustness, making NKAbuse a formidable tool in the realm of cybersecurity threats.
All Kaspersky products detect NKAbuse as HEUR:Backdoor.Linux.NKAbuse.a. The joint report by GERT and GReAT, which includes specific indicators of compromise like MD5 hashes and files created by the malware, is available on Securelist.com.
To avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:
- Update your operating system, applications, and antivirus software regularly to patch any known vulnerabilities.
- Provide your SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for the company’s TI, providing cyberattack data and insights gathered by Kaspersky spanning over 20 years.
- Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
- For endpoint level detection, investigation, and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response.
- Investigate alerts and threats identified by security controls with Kaspersky's Incident Response and Digital Forensics services to gain deeper insights.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments, and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
Kaspersky Exposes NKAbuse: Multiplatform Malware Leveraging Blockchain Technology
Kaspersky
Related Articles Press Releases
Kaspersky expands Global Transparency Initiative launching Istanbul Transparency Center
Kaspersky has today announced the opening of its new Transparency Center in Istanbul, Turkey, where the company’s stakeholders can learn more about Kaspersky solutions, review its source code or examine the results of independent audits. This marks further expansion of the company’s Global Transparency Initiative (GTI), which Kaspersky has been developing since 2018, enhancing trust in its products and internal processes and promoting evidence-based approach toward IT product security assessment.Read More >Updated Kaspersky Security for Mail Server offers advanced content filtering and enhanced visibility for SOC
Kaspersky has announced a significant update to its Kaspersky Security for Mail Server, designed to strengthen systems against emerging email threats. The latest version of Kaspersky Security for Mail Server features advanced functionality for content filtering, quarantine management, and enhanced visibility for Security Operations Centers (SOC).Read More >Innovation journey: Dubai welcomed Kaspersky's Cyber Immunity Conference
Leading cybersecurity experts, scientists, business leaders and government officials from more than 20 countries worldwide have come together for the inaugural international Cyber Immunity Conference. Exploring the complex and evolving cyberthreat landscape the conference provided invaluable insights into the future of our digital age and celebrated the pioneering efforts of the first Cyber Immunity Champions.Read More >
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.