July 27, 2017 By Mark Samuels 2 min read

A new backdoor Trojan called CowerSnail has been revealed by researchers. The malware targets Windows systems and is believed to have been created by the same group that recently exploited the SambaCry vulnerability to deliver cryptocurrency miners to Linux servers, according to Kaspersky Lab’s blog Securelist. The new threat gives attackers a range of backdoor features, including the capacity to run batch commands on infected hosts.

How Was the Trojan Created?

Kaspersky believed that the underlying mechanism behind CowerSnail is similar to that of existing malware. The firm’s researchers discovered that the new Trojan uses the same command-and-control (C&C) server as the group that delivered the EternalRed cryptocurrency miner to Linux servers, SecurityWeek reported.

These Linux servers were exposed to the SambaCry vulnerability, and attackers exploited this flaw to upload a shared library to a host system. This process allowed cybercriminals to run arbitrary code against a system and install an open source program to mine cryptocurrencies such as bitcoin and Monero, Forbes explained.

The development techniques behind CowerSnail provide another hint to the malware’s origins. The Trojan was built with a framework called Qt, which supports cross-platform development and lets developers port source code between operating systems. Kaspersky suggested that the malware writers probably wanted to avoid learning the Windows API and instead chose to port existing code.

How CowerSnail Works

The malicious program prioritizes its processes on an infected system and communicates with its C&C server through the Internet Relay Chat (IRC) protocol. The malware collects system information, sends this data back to the C&C domain, exchanges pings with the server and waits for further commands from attackers.
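As an added illustration (not code from the article or from Kaspersky’s analysis), the following detector scans captured TCP payload text for standard IRC protocol framing, the kind of C&C channel the article says CowerSnail uses. The session below is constructed sample data, not a real CowerSnail capture; CowerSnail’s own message format is not described here.

```python
# Added example: flag IRC-style C&C framing in captured payload text.
# Uses generic IRC verbs (RFC 1459/2812); the sample session is constructed.
import re

# Client registration, keep-alive and message verbs, with an optional
# ":server " prefix as sent by IRC servers.
IRC_VERB = re.compile(r"^(?::\S+\s+)?(NICK|USER|JOIN|PING|PONG|PRIVMSG)\b")

# Constructed session: host registers, answers a keep-alive ping,
# reports system information and receives a command to run.
SAMPLE_SESSION = """\
NICK host-7f3a
USER host-7f3a 0 * :host-7f3a
:c2.example.invalid PING :1501142400
PONG :1501142400
PRIVMSG #ops :sysinfo WIN-7F3A Windows 7 SP1 x64 4096MB
:c2.example.invalid PRIVMSG host-7f3a :exec whoami
"""


def irc_indicators(payload: str) -> dict:
    """Count IRC verbs in a payload and decide whether it looks like a
    live IRC session: a registration (NICK and USER) plus PING/PONG."""
    counts: dict[str, int] = {}
    for line in payload.splitlines():
        m = IRC_VERB.match(line.strip())
        if m:
            verb = m.group(1)
            counts[verb] = counts.get(verb, 0) + 1
    registered = "NICK" in counts and "USER" in counts
    keepalive = "PING" in counts or "PONG" in counts
    return {
        "counts": counts,
        "is_irc": registered and keepalive,
        "messages": counts.get("PRIVMSG", 0),  # command/data carriers
    }


def flag_unexpected_irc(payload: str, irc_allowed: bool = False) -> bool:
    """Alert when IRC framing appears where IRC is not an approved protocol."""
    return irc_indicators(payload)["is_irc"] and not irc_allowed
```

Run against payloads reassembled from egress captures; in most enterprise networks IRC is not an approved protocol, so any hit merits a look at the destination.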

It is worth noting that, despite its similarities with previous malware, CowerSnail does not download cryptocurrency mining software by default. Kaspersky reported that it instead provides a standard set of backdoor functions, including the ability to receive updates, execute any command and collect system information.

Bleeping Computer stated that CowerSnail contains only basic functionality at the moment. However, IT and security managers should take note of the threat and be wary of future escalations.

The Response

Kaspersky researcher Sergey Yunakovsky warned in his Securelist blog post that the people behind the threat are likely to strike again. “After creating two separate Trojans, each designed for a specific platform and each with its own peculiarities, it is highly probable that this group will produce more malware in the future,” he wrote.

Experts were not sure how CowerSnail is distributed. One possibility is that the malware authors rely on infection via user interaction, such as opening malicious email attachments, according to the Forbes article.

While the researchers were unsure of the scale of the threat posed by the new malware, it nevertheless represents another potential backdoor into enterprise platforms — and another reminder of the importance of strong security practices. IT managers who want to maintain enterprise integrity on Microsoft operating systems should prioritize the installation of the latest Windows security updates.
