Security researchers have revealed the discovery of a new multi-platform malware threat called NKAbuse that is using never-before-seen tactics to hijack its victims.
In its report, Kaspersky’s Global Emergency Response Team says that the malware uses NKN technology – a blockchain-powered peer-to-peer network connectivity protocol and ecosystem that gets its name from an abbreviation of ‘New Kind of Network.’
The malware also uses Go, a programming language that has been gaining popularity in the world of malware and cyberattacks.
NKAbuse targeting Linux
Kaspersky suggests that NKAbuse is presently targeting Linux desktops. However, since it can infect MISP and ARM systems, it could potentially pose a threat to IoT devices as well.
NKAbuse uses NKN’s 60,000 official nodes to carry out flooding attacks and link back to the C2 servers.
NKAbuse contains a large arsenal of DDoS attacks, says Kaspersky, but it also contains multiple features that turn it into a powerful backdoor or a remote access trojan (RAT).
The analysts added: “Its use of blockchain technology ensures both reliability and anonymity, which indicates the potential for this botnet to expand steadily over time, seemingly devoid of an identifiable central controller.”
So far, NKAbuse has been seen infecting devices in Colombia, Mexico, and Vietnam via delivery by an individual who exploits a vulnerability, because it is believed that there is no self-propagation functionality.
The Russian team has also collected evidence that suggests the attack exploits an old vulnerability (CVE-2017-5638) which targeted a financial company.
NKAbuse’s impact on victims can include a variety of complications, including data compromise and/or theft, remote administration and control, persistence and system manipulation, and DDoS attacks.
The use of blockchain technology also suggests that NKAbuse may have the potential to expand over time, revealing the potential of botnet integration. Full details of NKAbuse can be found on Kaspersky’s website.