The same grouping of hackers is directly targeting Windows machines alongside a novel backdoor, which is a QT-based re-compiled version of the same malware used to target Linux.
Dubbed CowerSnail, detected yesteryear safety researchers at Kaspersky Labs equally Backdoor.Win32.CowerSnail, is a fully-featured windows backdoor that allows its creators to remotely execute whatever commands on the infected systems.
Wondering how these ii dissever campaigns are connected?
Interestingly, the CowerSnail backdoor uses the same command in addition to command (C&C) server equally the malware that was used to infect Linux machines to mine cryptocurrency concluding calendar month yesteryear exploiting the then-recently exposed SambaCry vulnerability.
Common C&C Server Location — cl.ezreal.space:20480SambaCry vulnerability (CVE-2017-7494), named due to its similarities to the Windows SMB flaw exploited yesteryear the WannaCry ransomware that late wreaked havoc worldwide, affected all Samba versions newer than Samba 3.5.0 released over the yesteryear 7 years.
Shortly later the populace revelation of its existence, SambaCry was exploited yesteryear this grouping of hackers to remotely install cryptocurrency mining software—"CPUminer" that mines cryptocurrencies similar Bitcoin, Litecoin, Monero in addition to others—on Linux systems.
But now, the same hackers are targeting both, Windows in addition to Linux computers, alongside CPUminer yesteryear utilising computing resources of the compromised systems inwards social club to brand the profit.
"After creating ii dissever Trojans, each designed for a specific platform in addition to each alongside its ain peculiarities, it is highly probably that this grouping volition create to a greater extent than malware inwards the future," Sergey Yunakovsky of Kaspersky Lab said inwards a weblog post.In dissever research, safety researcher Omri Ben Bassat Tsunami backdoor," an IRC-based DDoS botnet malware that's been known for infecting Mac OS X in addition to IoT devices inwards the past.
For those unaware: Samba is open-source software (re-implementation of SMB/CIFS networking protocol) that offers Linux/Unix servers alongside Windows-based file in addition to impress services in addition to runs on the bulk of operating systems in addition to IoT devices.
Despite existence patched inwards belatedly May, the SambaCry põrnikas is actively existence exploited yesteryear hackers. Just concluding week, researchers spotted a novel slice of malware, called SHELLBIND, exploiting the flaw to backdoor Network Attached Storage (NAS) devices.
