A newly identified multi-platform threat named NKAbuse has surfaced, employing a decentralized peer-to-peer network connectivity protocol known as NKN (New Kind of Network) for communication. Russian cybersecurity firm Kaspersky detailed the malware’s capabilities in a report, describing it as a robust implant with both flooder and backdoor functionalities.
NKN, boasting over 62,000 nodes, functions as a software overlay network on the existing Internet, allowing users to share unused bandwidth and earn token rewards through a blockchain layer on top of the TCP/IP stack. NKAbuse, however, takes advantage of this technology to execute distributed denial-of-service (DDoS) attacks and operate as an implant within compromised systems.
While threat actors commonly exploit emerging communication protocols for command-and-control purposes to elude detection, NKAbuse stands out by leveraging blockchain technology. This malicious software communicates with the bot master using the NKN protocol, implementing the Go programming language. Its primary targets seem to be Linux systems, including IoT devices, particularly in Colombia, Mexico, and Vietnam.
The scale of the attacks remains uncertain, but Kaspersky highlighted an incident involving the exploitation of a six-year-old critical security flaw in Apache Struts (CVE-2017-5638, CVSS score: 10.0) to breach an unnamed financial company. The attack sequence involves the delivery of an init
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: