New Malware Targets IoT Devices with Enhanced Capabilities
By: Austin Ukpebor - August 29, 2023 at 02:17:53am
A new version of a malware campaign that infects systems via SSH and telnet connections using weak credentials has been discovered by security researchers. The malware, dubbed KmsdBot, is written in Golang and can launch distributed denial-of-service (DDoS) attacks and mine cryptocurrencies.
KmsdBot malware poses a significant threat to the IoT landscape, as it can exploit the vulnerabilities of IoT devices with weak or default credentials, outdated firmware, or lack of encryption.
According to a report published by Akamai, a cloud service provider, the latest version of KmsdBot has expanded its attack capabilities and surface by adding support for more CPU architectures commonly found in IoT devices, such as ARM, MIPS, and PPC. The malware scans random IP addresses for open SSH and telnet ports and tries to log in with a password list downloaded from the command and control (C2) server. Once the system is compromised, the malware also downloads other files from the C2 server, such as DDoS scripts, crypto-miners, and configuration files. Akamai's researchers recommend regular security measures and updates to prevent the infection and spread of the malware.
The report also reveals that the malware targets various industries, such as gaming, cloud hosting, government, and education. The researchers found that the malware was responsible for several DDoS attacks against gaming servers in Asia and Europe. The malware also uses the infected systems to mine Monero, a cryptocurrency known for its anonymity and privacy features.
The report also provides technical details and indicators of compromise (IoCs) for KmsdBot, such as file names, hashes, domains, and IP addresses. The researchers advise users to check their systems for signs of infection and respond accordingly.
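One way to check a device's SSH log for the password-guessing logins described above, as an added example that is not from the article or the Akamai report: it flags sources that make a burst of failed password logins and marks them as compromised if a password login then succeeds. The log lines, the threshold of 3, and the function name are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's usual auth-log format (not taken from the report).
SAMPLE_LOG = """\
Aug 29 02:10:01 cam01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 29 02:10:02 cam01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Aug 29 02:10:03 cam01 sshd[813]: Failed password for root from 203.0.113.7 port 40120 ssh2
Aug 29 02:10:04 cam01 sshd[814]: Failed password for invalid user ubnt from 203.0.113.7 port 40122 ssh2
Aug 29 02:10:05 cam01 sshd[815]: Accepted password for root from 203.0.113.7 port 40130 ssh2
Aug 29 02:11:40 cam01 sshd[820]: Failed password for alice from 198.51.100.9 port 51514 ssh2
Aug 29 02:11:52 cam01 sshd[821]: Accepted password for alice from 198.51.100.9 port 51520 ssh2
Aug 29 02:12:30 cam01 sshd[830]: Failed password for invalid user pi from 192.0.2.44 port 33900 ssh2
Aug 29 02:12:31 cam01 sshd[831]: Failed password for root from 192.0.2.44 port 33902 ssh2
Aug 29 02:12:32 cam01 sshd[832]: Failed password for invalid user test from 192.0.2.44 port 33904 ssh2
Aug 29 02:13:00 cam01 sshd[840]: Accepted publickey for bob from 198.51.100.20 port 60000 ssh2
"""

# Matches both "Failed password for root" and "Failed password for invalid user admin".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def classify_sources(log_text, threshold=3):
    """Return {source_ip: verdict} for sources with >= threshold failed password logins.

    'guessing'    = repeated failures only
    'compromised' = a password login was accepted after the failures
    """
    failures = defaultdict(int)
    verdicts = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m or m["method"] != "password":
            continue  # key-based logins are not part of the weak-credential pattern
        src = m["src"]
        if m["result"] == "Failed":
            failures[src] += 1
            if failures[src] >= threshold:
                verdicts.setdefault(src, "guessing")
        elif failures[src] >= threshold:
            # Success right after a guessing burst: treat the account as compromised.
            verdicts[src] = "compromised"
    return verdicts

if __name__ == "__main__":
    for src, verdict in classify_sources(SAMPLE_LOG).items():
        print(src, verdict)
```

A single mistyped password followed by a successful login, like the 198.51.100.9 lines, stays below the threshold and is not flagged.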