This devious Linux malware is targeting supercomputers


Security researchers have identified a new strain of malware that, unusually, targets supercomputing clusters.

Dubbed Kobalos by the researchers at security firm ESET, the malware targets multiple operating systems including Linux, FreeBSD and Solaris, and perhaps even AIX and Windows.

“This is not your typical Linux malware. This one is more sophisticated, and its unique control flow obfuscation makes the analysis more tedious,” wrote the researchers on Twitter while sharing their analysis.

Small and mischievous

In their detailed analysis of Kobalos, the researchers note that one of the things that makes this malware unique is that it bundles the code for running a command-and-control (C&C) server. This means that attackers can turn any compromised server into a C&C server with just a single command.

The researchers worked with security experts at CERN (the European Organization for Nuclear Research) and other organizations that are involved in mitigating attacks on scientific networks.

Upon reverse engineering the malware, the researchers identified a mechanism to remotely detect compromised systems. They used this knowledge to scan the Internet for potential victims and discovered several high-profile targets, including high performance computing clusters, servers in academia in Europe, an endpoint security vendor, and several personal and government servers in North America, as well as a large ISP in Asia.

Tip of the iceberg

Worryingly, the researchers note that Kobalos includes broad commands that conceal the true intent of the attackers. 

On most systems compromised by Kobalos, the SSH client (the client for secure communication) is compromised to steal credentials, but that seems like a small target for such a sophisticated piece of malware.

“This was an intriguing and challenging piece of malware to analyze,” admitted ESET’s Senior Malware Researcher Marc-Etienne Léveillé on Twitter, adding that given the versatility of the malware “we may be seeing only the tip of the iceberg…”

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
