Light Dark
July 27, 2017 By Mark Samuels 2 min read

A new backdoor Trojan called CowerSnail has been revealed by researchers. The malware targets Windows systems and is believed to have been generated by the same group who recently exploited the SambaCry vulnerability to send cryptocurrency miners to Linux servers, according to Kaspersky Lab’s blog Securelist. The new threat gives attackers a range of backdoor features, including the capacity to perform batch commands on infected host computers.

How Was the Trojan Created?

Kaspersky believed that the underlying mechanism for CowerSnail is similar to that of existing malware. The firm’s researchers discovered that the new exploit uses the same command-and-control (C&C) server as the group that sent the EternalRed cryptocurrency miner to Linux servers, SecurityWeek reported.

These Linux servers were exposed to the SambaCry vulnerability, and attackers exploited this flaw to upload a shared library to a host system. This process allowed cybercriminals to run arbitrary code against a system and install an open source program to mine cryptocurrencies such as bitcoin and Monero, Forbes explained.

The development techniques behind CowerSnail provide another hint to the malware’s origins. The Trojan was created through a framework called Qt, which supports cross-platform development and gives writers the opportunity to transfer source code between operating systems. Kaspersky suggested that the malware writers probably wanted to avoid learning the Windows API and instead chose to transfer existing code.

How CowerSnail Works

The malicious program prioritizes its processes on an infected system and communicates with its C&C server through the Internet Relay Chat (IRC) protocol. The malware collects system information, sends this data back to the C&C domain, exchanges pings with the server and waits for further commands from attackers.

It is worth nothing that, despite its similarities with previous malware, CowerSnail does not download cryptocurrency mining software by default. Kaspersky reported that it instead provides a standard set of backdoor functions, including the ability to receive updates, execute any command and collect system information.

Bleeping Computer stated that CowerSnail contains only basic functionality at the moment. However, IT and security managers should take note of the threat and be wary of future escalations.

The Response

Kaspersky researcher Sergey Yunakovsky warned in his Securelist blog post that the people behind the threat are likely to strike again. “After creating two separate Trojans, each designed for a specific platform and each with its own peculiarities, it is highly probable that this group will produce more malware in the future,” he wrote.

Experts were not sure how CowerSnail is distributed. One possibility is that the malware authors rely on infection via user interaction, such as opening malicious email attachments, according to the Forbes article.

While the researchers were unsure of the scale of the threat posed by the new malware, it nevertheless represents another potential backdoor into enterprise platforms — and another reminder of the importance of strong security practices. IT managers who want to maintain enterprise integrity on Microsoft operating systems should prioritize the installation of the latest Windows security updates.

 |  |  |  |  | 
Mark Samuels
Tech Journalist

More from

April 29, 2024

The major hardware flaw in Apple M-series chips

3 min read - The “need for speed” is having a negative impact on many Mac users right now. The Apple M-series chips, which are designed to deliver more consistent and faster performance than the Intel processors used in the past, have a vulnerability that can expose cryptographic keys, leading an attacker to reveal encrypted data. This critical security flaw, known as GoFetch, exploits a vulnerability found in the M-chips data memory-dependent prefetcher (DMP). DMP’s benefits and vulnerabilities DMP predicts memory addresses that the…

April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature