New Malware Lays P2P Network on Top of IPFS

silversurfer

A newly discovered piece of malware uses a peer-to-peer (p2p) network on top of InterPlanetary File System’s (IPFS) p2p network, Anomali’s security researchers report.

Discovered in May 2019 and dubbed IPStorm, the malware is written in the Go (Golang) programming language and targets Windows machines. Once it has infected a system, the malicious program allows its operator to execute arbitrary PowerShell code.

The use of a p2p network for communication ensures not only that the generated traffic blends into the legitimate traffic, but also that the infected machines don’t need to maintain a constant connection to the command and control (C&C) server.

Being connected directly to each other via a p2p network, the machines form a p2p botnet, where commands propagate from one bot to another. A p2p botnet is more difficult to implement, as the attacker needs to ensure bots can communicate with each other at all times, even when behind a NAT, but is more difficult to detect, especially with the increased use of p2p in corporate environments.

The newly discovered botnet leverages IPFS, a p2p filesystem project that aims to decentralize the Internet to improve it. The filesystem can be used to host a broad range of files that can be accessed via a client or public gateways.