Kaspersky Laboratory uncovers multifunctional malware nkabuse
Kaspersky Laboratory recently discovered a new multifunctional malicious program called nkabuse, which utilizes the decentralized communication protocol of the NKN to exchange data between infected devices.
The NKN, described as a software overlay built on top of the classical Internet, allows users to share unused bandwidth and receive rewards in tokens. It incorporates a blockchain layer over the existing stack of TCP/IP protocols.
Attackers often use new communication protocols to control and manage malicious programs to avoid detection. In the case of NKABUSE, it integrates blockchain technology for DDOS attacks and functions as an implant in compromised systems.
Specifically, the malware utilizes the NKN protocol to communicate with the botnet operator and send/receive commands. It is predominantly implemented in the GO programming language and primarily targets Linux systems, including IoT devices used by consumers such as vehicles, smart home systems, smart clothes, medical devices, and devices with remote monitoring capabilities.