Numerous security firms, gaming companies, and luxury car manufacturers have been targeted by the new KmsdBot malware, which uses the Secure Shell cryptographic protocol to facilitate cryptocurrency mining and distributed denial-of-service attacks, The Hacker News reports.
Various architectures including Winx86, mips64, Arm64, and x86_64 are supported by the malware, which was derived from the "kmsd.exe" executable, which is downloaded after system compromise, a report from the Akamai Security Intelligence Response Team revealed. Gaming firm FiveM, which offers a Grand Theft Auto V multiplayer mod, was the initial target of KmsdBot, which has been found not only to allow self-propagation and malware updating capabilities but also to enable Layer 4 and Layer 7 DDoS attacks. "This botnet is a great example of the complexity of security and how much it evolves. What seems to have started as a bot for a game app has pivoted into attacking large luxury brands," said Akamai researcher Larry Cashdollar.
Malicious updates have been recently issued to the Python Package Index package "django-log-tracker," which was last modified in April 2022, to facilitate the distribution of the Nova Sentinel information-stealing malware, The Hacker News reports.