Botnet KmsdBot Attacks Gaming Companies and Luxury Car Manufacturers

Botnet KmsdBot attacks
Written by William Reddy

Akamai analysts have released a report on a new KmsdBot botnet that uses SSH to infiltrate victim systems and attack game companies and car manufacturers.

This malware, written in Go, is engaged in cryptocurrency mining, as well as in conducting DDoS attacks. KmsdBot infections affect a wide variety of companies, from gaming companies to luxury car manufacturers and cybersecurity firms.

Larry Cashdollar

Larry Cashdollar

Let me remind you that we wrote that Cloud9 Botnet Attacks Chrome with Malicious Extensions, and also that Azov Ransomware Wiper Operators Try to Set Up Ukraine and Well-Known Information Security Specialists.

The botnet infects systems via SSH, exploiting weak login credentials. At the same time, malware does not maintain a permanent presence on the infected system, trying to avoid detection.Akamai Specialist Larry Cashdollar says.

KmsdBot got its name from the executable file kmsd.exe, which is downloaded from a remote server of hackers after a successful compromise. The malware is known to support multiple architectures, including Winx86, Arm64, mips64, and x86_64. The researchers note that KmsdBot is able to perform scanning operations and distribute itself further using an externally loaded list of login and password combinations.

According to Akamai, the first known target of this malware was the game company FiveM, which is developing a multiplayer mod for Grand Theft Auto V that allows players to create custom Grand Theft Auto Online servers. Attacks on security companies and luxury car brands have also been seen.

It is known that KmsdBot DDoS attacks are of the Layer 4 and 7 type, that is, they are based on TCP, UDP, HTTP GET and POST requests.

While observing the botnet, the researchers did not see mining activity, the botnet was only engaged in DDoS attacks. However, the malware has mining functionality (like Cloud Botnet for example): the command ./ksmdr -o was found in the code, where ksmdr is the Xmrig binary file, which was renamed. Since the botnet is still in development, these features obviously don’t work as they should yet.

This botnet is a great example of the complexity of security systems and how they evolve. From a simple gaming app bot, KmsdBot has evolved into a threat to major luxury brands.says Cashdollar.

About the author

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master's degree in cybersecurity, I've started working as a virus analyst in a little anti-malware vendor.

Leave a Comment