NOVEMBER 15, 2022
Cyber security researchers have detected malware called KmsdBot, which carries out DDoS attacks and cryptocurrency mining activities by accessing targeted systems using the SSH cryptographic network protocol.
KmsdBot is distributed to systems with weak SSH credentials, where the “kmsd.exe” file is downloaded from a command-and-control (C2) server controlled by threat actors.
KmsdBot can perform scanning activities on targeted systems, spread to different systems through username and password combinations, control cryptocurrency mining processes, and update itself. In addition, the malware has been found to carry out DDoS attacks in which Layer 4 TCP/UDP or Layer 7 HTTP/GET requests are sent to strain the targeted server's resources and hinder its ability to process and respond to requests.
The amount of malware that carries out cryptocurrency mining activities is known to be increasing day by day. In the recently detected cryptocurrency mining malware campaign called KmsdBot, threat actors target gaming, automobile, and security companies. To avoid being targeted by this campaign, it is strongly recommended that the IoC findings related to the attack campaign are blocked by security solutions.

Download the IoCs: https://github.com/BRANDEFENSE/IoC/blob/main/kmsdbot-IoC.txt
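Because the campaign relies on weak SSH credentials and username/password combinations, sshd logs are a useful place to look for it. The following Python check is an added example, not part of the original advisory or any vendor tooling: it flags source addresses whose password guessing ended in an accepted password login. The function name, the threshold, and the sample log lines are assumptions constructed for illustration; the log format is standard OpenSSH syslog output.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Nov 15 10:01:02 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Nov 15 10:01:04 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 51236 ssh2
Nov 15 10:01:06 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 51238 ssh2
Nov 15 10:01:09 web1 sshd[2107]: Accepted password for root from 203.0.113.5 port 51240 ssh2
Nov 15 10:02:00 web1 sshd[2110]: Failed password for deploy from 198.51.100.7 port 40000 ssh2
Nov 15 10:02:05 web1 sshd[2112]: Accepted publickey for deploy from 198.51.100.7 port 40002 ssh2: ED25519 SHA256:constructed
Nov 15 10:03:00 web1 sshd[2120]: Failed password for invalid user pi from 192.0.2.44 port 33000 ssh2
Nov 15 10:03:02 web1 sshd[2122]: Failed password for invalid user oracle from 192.0.2.44 port 33002 ssh2
Nov 15 10:03:04 web1 sshd[2124]: Failed password for invalid user git from 192.0.2.44 port 33004 ssh2
"""

# Matches sshd authentication results; "invalid user" marks accounts that do not exist.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def triage_ssh_log(text, min_failures=3):
    """Return {source: finding}. 'compromised' = a password login was accepted
    after at least min_failures failed passwords from that source;
    'guessing' = that many failures with no accepted password login."""
    failures = defaultdict(int)
    users = defaultdict(set)
    findings = {}
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m or m["method"] != "password":
            continue  # key-based logins are not credential guessing
        src, user = m["src"], m["user"]
        if m["result"] == "Failed":
            failures[src] += 1
            users[src].add(user)
        elif failures[src] >= min_failures:
            findings[src] = {"verdict": "compromised", "account": user,
                             "failures": failures[src], "users_tried": sorted(users[src])}
    for src, n in failures.items():
        if n >= min_failures and src not in findings:
            findings[src] = {"verdict": "guessing", "account": None,
                             "failures": n, "users_tried": sorted(users[src])}
    return findings
```

A "compromised" verdict identifies the account whose password should be rotated and the host that should be examined for dropped binaries and mining processes; "guessing" sources are candidates for blocking alongside the published IoCs.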