Dev1 Galaxy Forum / Kobalos malware - possibly ported to Linux

Re: Kobalos malware - possibly ported to Linux

dummy@example.com (dice) — Fri, 05 Feb 2021 12:13:42 +0000

Head_on_a_Stick wrote:

To remove the risk completely:
# apt purge openssh-{client,server}

Be nice to see libressl ported to devuan/debian as in maintained by devuan/debian. If i was smart enough i would give it a try. Not that it matters with this type of malware i dont suppose.

Re: Kobalos malware - possibly ported to Linux

dummy@example.com (Head_on_a_Stick) — Thu, 04 Feb 2021 16:14:29 +0000

To remove the risk completely:

# apt purge openssh-{client,server}

Re: Kobalos malware - possibly ported to Linux

dummy@example.com (dice) — Thu, 04 Feb 2021 07:01:38 +0000

Thanks for the heads up.

From this article it says...

https://insidehpc.com/2021/02/report-se … x-malware/

To reduce the Kobalos threat, ESET suggested implementing a two-factor authentication for connecting to SSH servers because “stolen credentials seems to be one of the ways it is able to propagate to different systems.”

Kobalos malware - possibly ported to Linux

dummy@example.com (Altoid) — Wed, 03 Feb 2021 14:53:30 +0000

Hello:

Just a heads up so we're all on our toes:

This morning's article in The Register:
https://www.theregister.com/2021/02/03/kobalos_malware/

ESET page on the matter:

ESET wrote:

We reverse engineered this small, yet complex, malware that is portable to many operating systems including Linux, BSD, Solaris, and possibly AIX and Windows.

https://www.welivesecurity.com/2021/02/ … structure/

Best,