Researchers take down KmsdBot malware

Akamai reported that during ongoing research on the KmsdBot, a syntax error caused the bot to stop sending commands, effectively killing the botnet, resulting in the end of the cryptomining botnet that was also used for distributed denial-of-service (DDoS) attacks.

Akamai researchers previously published a blog post about the KmsdBot, a cryptomining botnet with command-and-control capabilities that infected victims through SSH and weak credentials. After infecting one of Akamai’s honeypots, the Akamai team analyzed and reported on KmsdBot.

The KmsdBot infects new systems via SSH connections that use weak or default login credentials. It targets Windows and Linux devices with a wide range of architectures. KmsdBot, a Golang-based virus, has been discovered attacking a variety of businesses, including gambling, luxury vehicle brands, and security agencies. The botnet, according to researchers, infects systems via an SSH connection that uses weak login credentials. To avoid detection, the malware does not remain persistent on the infected system.

The malware gets its name from an application called “kmsd.exe” that is downloaded from a remote server after a successful penetration. It is also designed to support a wide range of architectures, including Winx86, Arm64, MIPS, and x86 64.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web