
CowerSnail — Windows Backdoor From the Creators of SambaCry Linux Malware

Last month, we reported on a group of hackers exploiting SambaCry, a seven-year-old critical remote code execution vulnerability in the Samba networking software, to hack Linux computers and install malware that mines cryptocurrencies.

The same group of hackers is now targeting Windows machines with a new backdoor, which is a Qt-based, recompiled version of the same malware used against Linux.

Dubbed CowerSnail, and detected by security researchers at Kaspersky Lab as Backdoor.Win32.CowerSnail, it is a fully featured Windows backdoor that lets its operators remotely execute arbitrary commands on infected systems.

Wondering how these two separate campaigns are connected?

Interestingly, the CowerSnail backdoor uses the same command and control (C&C) server as the malware that was used last month to infect Linux machines and mine cryptocurrency by exploiting the then recently disclosed SambaCry vulnerability.

Common C&C server location: cl.ezreal.space:20480
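A shared C&C endpoint is the kind of indicator a SOC can pivot on to tie the two campaigns together in its own telemetry. The script below is an added example (not code from the article, Kaspersky, or the malware authors): it scans connection-log lines for the published host cl.ezreal.space and port 20480 and groups the contacting machines by platform, which is what surfaces the "same C&C, Windows and Linux victims" pattern. The five-field log format and the sample lines are constructed for illustration and are an assumption, not any real product's format.

```python
"""Added example: flag hosts that contacted the C&C server shared by the
CowerSnail (Windows) and SambaCry cryptominer (Linux) campaigns.

The only facts taken from the article are the indicator host and port.
The log layout (timestamp, source host, OS tag, destination host,
destination port) and the sample lines are constructed for this example."""

from collections import defaultdict

# Indicator published for both campaigns: the same host and port.
C2_HOST = "cl.ezreal.space"
C2_PORT = 20480

# Constructed sample log lines, not real telemetry.
SAMPLE_LOG = """\
2017-07-25T10:01:02Z fileserver01 linux cl.ezreal.space 20480
2017-07-25T10:01:05Z fileserver01 linux pool.example.org 3333
2017-07-25T10:03:17Z ws-finance-07 windows cl.ezreal.space 20480
2017-07-25T10:04:00Z ws-finance-07 windows update.example.com 443
2017-07-25T10:05:41Z nas-backup linux cl.ezreal.space 20480
2017-07-25T10:06:00Z ws-hr-02 windows cl.ezreal.space 443
"""


def parse_line(line):
    """Split one constructed log line into its five fields.

    Returns None for malformed input so a bad line never aborts the scan."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, os_tag, dst, port = parts
    try:
        port = int(port)
    except ValueError:
        return None
    return {"ts": ts, "src": src, "os": os_tag, "dst": dst, "port": port}


def match_kind(rec):
    """Classify a connection against the indicator.

    'host+port' is the exact published endpoint. 'host-only' is still
    reported: moving the listener to another port costs the operator
    nothing, while the domain is the stable part of the indicator."""
    if rec["dst"].lower() != C2_HOST:
        return None
    return "host+port" if rec["port"] == C2_PORT else "host-only"


def find_c2_contacts(log_text):
    """Return {os_tag: sorted list of (source host, match kind)} for every
    machine that reached the C&C host."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        kind = match_kind(rec)
        if kind:
            hits[rec["os"]].add((rec["src"], kind))
    return {os_tag: sorted(pairs) for os_tag, pairs in hits.items()}


if __name__ == "__main__":
    for os_tag, pairs in sorted(find_c2_contacts(SAMPLE_LOG).items()):
        listing = ", ".join(f"{host} ({kind})" for host, kind in pairs)
        print(f"{os_tag}: {listing}")
```

On the constructed sample this reports two Linux hosts and two Windows hosts talking to the same C&C domain, with one Windows host flagged on the domain alone. In practice the domain match is the one worth alerting on first; the port is a secondary confirmation.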
The SambaCry vulnerability (CVE-2017-7494), so named because of its similarity to the Windows SMB flaw exploited by the WannaCry ransomware that recently wreaked havoc worldwide, affects all Samba versions from 3.5.0 onward, covering releases from the past seven years.

Shortly after its public disclosure, SambaCry was exploited by this group of hackers to remotely install cryptocurrency mining software on Linux systems: "CPUminer", which mines cryptocurrencies such as Bitcoin, Litecoin and Monero.

Now the same hackers are targeting both Windows and Linux computers with CPUminer, using the computing resources of the compromised systems to mine for profit.
"After creating two separate Trojans, each designed for a specific platform and each with its own peculiarities, it is highly probable that this group will produce more malware in the future," Sergey Yunakovsky of Kaspersky Lab said in a blog post.
In separate research, security researcher Omri Ben Bassat [...] "Tsunami backdoor," an IRC-based DDoS botnet malware that has been known to infect Mac OS X and IoT devices in the past.

For those unaware: Samba is open-source software (a re-implementation of the SMB/CIFS networking protocol) that provides Linux/Unix servers with Windows-compatible file and print services, and it runs on the majority of operating systems and IoT devices.

Despite being patched in late May, the SambaCry bug is still being actively exploited. Just last week, researchers spotted a new piece of malware, called SHELLBIND, exploiting the flaw to backdoor Network Attached Storage (NAS) devices.