'SambaCry' malware scum return with a Windows encore
'CowerSnail' opens garden variety backdoors rather than mining BTC
Malware authors continue to chip away at Samba bugs similar to those that helped spread WannaCry/WannaCrypt.
The researchers strongly suspect CowerSnail comes from SambaCry's developers as it points to the same C&C server.
The authors have designed their malware to be cross-platform, writes Kaspersky's Sergey Yunakovsky: it's compiled using Qt, a library framework that provides “cross-platform capability and transferability of the source code between different operating systems.”
The only penalty the developers suffer in trying to make the malware cross-platform is that the user code is only “a small proportion of a large 3 MB file”.
Yunakovsky reckons Qt was chosen so the creators could stick with familiar environments, and save themselves the pain of learning the details of Windows APIs, preferring to “transfer the *nix code 'as is'”.
Unlike SambaCry, the CowerSnail authors don't try to turn targets into cryptocurrency miners. Instead, infected machines get in touch with the C&C (over the IRC protocol) and create “standard backdoor functions”.
These include receiving updates, executing shell commands, and self-removal if needed. ®