The Kobalos Malware is a newly identified threat that appears to go after big targets such as supercomputers owned by various Internet Service Providers, security vendors and private companies. The malware has been active in Asia and the United States, so it would appear that its operators are going after targets worldwide. So far, all copies of the Kobalos Malware have been compatible only with the Linux operating system. Still, researchers report that its codebase could be altered to go after Microsoft Windows servers as well.
The Kobalos implant behaves like a backdoor Trojan, but researchers say that its operators could easily modify its properties to fulfill different purposes. For example, the Kobalos Malware has the ability to turn the infected device into a Command-and-Control server by building a new payload on the spot. In addition to this, it often introduces secondary malware to sniff out SSH credentials and then tries to use them to infect other devices in the same network. The backdoor functionality of Kobalos allows its operators to execute remote commands, access files, and more.
All reports show that the Kobalos Malware is a very advanced project, which is likely to be cross-platform compatible. These reasons are enough to suspect that a high-profile Advanced Persistent Threat (APT) actor might be behind the campaign. However, the Kobalos implant is yet to be linked to any of the APT groups operating in the regions that this malware targets.