Unveiling NKAbuse: a new multiplatform threat

vtqhtr413

During an incident response performed by Kaspersky’s Global Emergency Response Team (GERT) and GReAT, we uncovered a novel multiplatform threat named “NKAbuse”. The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities. Written in Go, it is flexible enough to generate binaries compatible with various architectures.

Our analysis suggests that the primary target of NKAbuse is Linux desktops. However, in view of its ability to infect MIPS and ARM systems, it also poses a threat to IoT devices.

NKAbuse infiltrates systems by uploading an implant to the victim host. The malware establishes persistence through a cron job and installs itself in the host’s home folder. Its capabilities span flooding to backdoor access to remote administration (RAT), offering a range of features.

A new kind of network

NKN, short for “New Kind of Network”, functions as a peer-to-peer (P2P) and blockchain-oriented network protocol that prioritizes decentralization and privacy. The NKN network currently has more than 60,000 official nodes. It offers diverse routing algorithms designed to optimize data transmission by selecting the shortest node trajectory to reach its intended destination.

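Added example, not part of the original post or of Kaspersky's write-up: a triage check for the persistence pattern described above, a cron job that runs something stored under a home folder. The function names, the sample crontab and the definition of "home folder" (`/home/<user>`, `/root`, `~`, `$HOME`) are assumptions of this example, and a hit is a lead to review, not proof of infection.

```python
import re
import shlex

# Assumption: "home folder" means /home/<user>/, /root/, ~/ or $HOME/.
HOME_RE = re.compile(r"^(?:/home/[^/]+/|/root/|~/|\$HOME/|\$\{HOME\}/)")
# Either an @keyword (@reboot, @daily, ...) or five schedule fields, then the rest.
FIELD = r"[\d*/,\-A-Za-z?#]+"
SCHEDULE_RE = re.compile(rf"^(@\w+|(?:{FIELD}\s+){{4}}{FIELD})\s+(.*)$")

def cron_command(line, system=False):
    """Return the command of a crontab line; None for comments, blanks, env assignments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = SCHEDULE_RE.match(line)
    if not m:
        return None
    cmd = m.group(2)
    if system:  # /etc/crontab and /etc/cron.d/* carry a user field before the command
        parts = cmd.split(None, 1)
        cmd = parts[1] if len(parts) == 2 else None
    return cmd

def home_paths(cmd):
    """Return the tokens of a cron command that point into a home folder."""
    try:
        tokens = shlex.split(cmd)
    except ValueError:          # unbalanced quotes: fall back to whitespace split
        tokens = cmd.split()
    return [t for t in tokens if HOME_RE.match(t)]

def scan(text, system=False):
    """Return (line_number, [home paths]) for every cron entry that references one."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        cmd = cron_command(line, system)
        paths = home_paths(cmd) if cmd else []
        if paths:
            findings.append((n, paths))
    return findings

# Constructed sample, e.g. what `crontab -l` might print for one user.
SAMPLE_USER_CRONTAB = """\
# m h dom mon dow command
MAILTO=""
0 3 * * * /usr/bin/rsync -a /srv/data /mnt/backup
@reboot /home/alice/.cache/updater >/dev/null 2>&1
*/10 * * * * $HOME/bin/report.sh
"""

if __name__ == "__main__":
    for lineno, paths in scan(SAMPLE_USER_CRONTAB):
        print(f"line {lineno}: review {', '.join(paths)}")
```

Feed it the output of `crontab -l` for each user, and the contents of `/etc/crontab` and `/etc/cron.d/*` with `system=True`.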