Numerous security firms, gaming companies, and luxury car manufacturers have been targeted by the new KmsdBot malware, which uses the Secure Shell cryptographic protocol to facilitate cryptocurrency mining and distributed denial-of-service attacks, The Hacker News reports.
The malware supports various architectures, including Winx86, mips64, Arm64, and x86_64, and was derived from the "kmsd.exe" executable that is downloaded after system compromise, a report from the Akamai Security Intelligence Response Team revealed. Gaming firm FiveM, which offers a Grand Theft Auto V multiplayer mod, was the initial target of KmsdBot, which has been found not only to have self-propagation and self-updating capabilities but also to enable Layer 4 and Layer 7 DDoS attacks. "This botnet is a great example of the complexity of security and how much it evolves. What seems to have started as a bot for a game app has pivoted into attacking large luxury brands," said Akamai researcher Larry Cashdollar.
North Korea-linked threat group APT37, also known as ScarCruft, Red Eyes, Erebus, and Reaper, has been behind highly targeted attacks using the Dolphin backdoor, which has evolved into more advanced versions since being first identified in April 2021, according to BleepingComputer.