ESET researchers have identified a complex piece of Linux malware targeting supercomputers worldwide. It is considered a severe threat to high-performance computing (HPC) clusters, among other high-profile targets.
The malware has been named Kobalos, after a small, mischievous creature of Greek mythology, for its tiny code size and complex tricks. ESET reverse engineered this small yet complex malware and found that it is portable to many operating systems, including Linux, BSD, Solaris, and possibly AIX and Windows. The malware has been traced back to attacks against supercomputers used by a large Asian Internet Service Provider (ISP), a US endpoint security vendor, and a number of privately held servers, among other targets.
Kobalos is a generic backdoor in the sense that it contains broad commands that don’t reveal the intent of the attackers. Once the malware has landed on a supercomputer, the code buries itself in an OpenSSH server executable, and the backdoor is triggered when a connection is made from a specific TCP source port.
Experts believe that this level of sophistication is only rarely seen in Linux malware. Researchers were unable to determine the intentions of the operators of Kobalos. The system administrators of the compromised machines could not find any other malware, except for an SSH credential stealer. But because of its advanced nature, experts consider it to be a great threat to large organizations.
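Because the trigger is tied to the TCP source port of an inbound SSH connection, connection logs are one place defenders can look. The following is an added example, not code from ESET or from the original article: it flags SSH flows whose source port repeats or matches a watchlist. The log format, function names, threshold and port 40000 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed flow records for illustration; 40000 is a made-up port,
# not a value taken from the Kobalos report.
SAMPLE_FLOWS = """\
203.0.113.9:40000 -> 10.0.0.5:22
203.0.113.9:40000 -> 10.0.0.6:22
198.51.100.23:40000 -> 10.0.0.5:22
192.0.2.14:51514 -> 10.0.0.5:22
192.0.2.14:51920 -> 10.0.0.5:22
192.0.2.77:40000 -> 10.0.0.9:443
truncated record
"""

# Hypothetical log format: "src_ip:src_port -> dst_ip:dst_port"
FLOW_RE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+)$")


def parse_flows(text):
    """Yield (src_ip, src_port, dst_ip, dst_port); skip unparseable lines."""
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), int(m.group(4))


def suspicious_source_ports(flows, ssh_port=22, min_hits=3, watchlist=()):
    """Map source port -> [(src_ip, dst_ip)] for inbound SSH flows whose
    source port is on the watchlist or repeats at least min_hits times.
    Normal clients pick a fresh ephemeral port for each connection, so a
    source port that keeps recurring on SSH flows deserves a closer look."""
    by_port = defaultdict(list)
    for src_ip, src_port, dst_ip, dst_port in flows:
        if dst_port == ssh_port:  # only connections to the SSH daemon
            by_port[src_port].append((src_ip, dst_ip))
    return {port: peers for port, peers in sorted(by_port.items())
            if port in watchlist or len(peers) >= min_hits}


if __name__ == "__main__":
    hits = suspicious_source_ports(parse_flows(SAMPLE_FLOWS))
    for port, peers in hits.items():
        print(f"source port {port}: {len(peers)} SSH connections")
        for src, dst in peers:
            print(f"  {src} -> {dst}")
```

A hit is only a lead for investigation: NAT devices and some scanners also reuse source ports, so the threshold needs tuning against local traffic.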