A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel.
“The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities,” Russian cybersecurity company Kaspersky said in a Thursday report.
Specifically, it uses the protocol to talk to the bot master and receive/send commands. The malware is implemented in the Go programming language, and evidence points to it being used primarily to single out Linux systems, including IoT devices.
Another notable aspect is its lack of a self-propagation mechanism, meaning the malware needs to be delivered to a target by another initial access pathway, such as through the exploitation of security flaws.
“We are surprised to see NKN is used in such a way,” Zheng “Bruce” Li, co-founder of NKN, told The Hacker News. “We built NKN to provide true peer-to-peer communication that is secure, private, decentralized, and massively scalable. We are trying to learn more about the report to see if together we can make the internet safe and neutral.”
NKAbuse also incorporates a bevy of backdoor features that allow it to periodically send a heartbeat message to the bot master, which contains information about the system, capture screenshots of the current screen, perform file operations, and run system commands.
Source: https://thehackernews.com/