Kinsing

Malware updated 25 days ago (2024-08-14T09:38:17.955Z)
Download STIX
Preview STIX
Kinsing is a malicious software, or malware, that has been recently observed exploiting vulnerabilities in systems. It operates by infiltrating computers or devices, often undetected, through suspicious downloads, emails, or websites. Once inside, Kinsing can wreak havoc by stealing personal information, disrupting operations, or even holding data for ransom. In recent attacks, Kinsing threat actors have been probing the Looney Tunables flaws, as reported on securityaffairs.com. The Kinsing malware was further analyzed using the open-source tool Sysdig. During this analysis, it was discovered that Kinsing wrote to a file named /tmp/kdevtmpfsi. This action was detected during a deep dive into the system calls executed from Kinsing, providing valuable insight into its behavior and operational tactics. The use of Sysdig open source allowed for a closer examination of the malware's activities, particularly when it was running in a honeypot project. In conclusion, Kinsing presents a significant cybersecurity threat due to its ability to exploit system vulnerabilities and carry out harmful actions undetected. Its recent activity involving the Looney Tunables flaws underscores the need for robust security measures and constant vigilance. Tools like Sysdig open source offer invaluable resources for understanding and combatting threats such as Kinsing, enabling researchers to study its behaviors and devise effective countermeasures.
Description last updated: 2024-08-14T08:50:42.150Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Money Libra
3
Money Libra, also known as Kinsing, is a malicious software (malware) that has been active since late 2021. This malware primarily targets cloud-native environments and applications such as Kubernetes clusters, Docker API, Redis, Jenkins and Openfire servers, and cloud-hosted Apache NiFi instances,
H2miner
2
H2miner, also known as Kinsing, is a malicious software (malware) that primarily targets Linux systems to exploit their computing resources for illicit cryptocurrency mining. This malware is typically introduced into systems through suspicious downloads, emails, or websites, often unbeknownst to the
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Linux
Vulnerability
Malware
Exploits
Apache Activ...
Activemq
Redis
Docker
Apache
Rootkit
Bitcoin
Kubernetes
Botnet
Cryptominer
Jenkins
Cybercrime
Payload
Source
Ddos
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
IDTypeVotesProfile Description
MiraiUnspecified
3
Mirai is a type of malware that specifically targets Internet of Things (IoT) devices such as smart speakers, cameras, and connected home equipment. It exploits weak Telnet (port 23) and SSH (port 22) credentials to gain control over these devices. Once infected, these devices are then incorporated
MoziUnspecified
2
Mozi is a type of malware, a malicious software designed to exploit and damage computer systems and devices. It typically infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
IDTypeVotesProfile Description
Looney Tunableshas used
6
Looney Tunables is a significant vulnerability in Linux software design and implementation, which has been exploited by various threat actors. This flaw allows for local privilege escalation, providing unauthorized users with elevated access rights within a Linux environment. Multiple experts have r
CVE-2023-46604Unspecified
4
CVE-2023-46604 is a critical vulnerability identified in Apache ActiveMQ, specifically affecting versions prior to 5.15.16, 5.16.7, 5.17.6, and 5.18.3. This flaw, which lies within the Java OpenWire protocol marshaller, allows for Remote Code Execution (RCE) and has been assigned a maximum severity
CVE-2023-4911Unspecified
4
CVE-2023-4911, also known as the "Looney Tunables" vulnerability, is a significant software flaw found in the GNU C Library (glibc), specifically within its dynamic loader ld.so. This buffer overflow issue occurs when processing the GLIBC_TUNABLES environment variable, enabling threat actors to exec
CVE-2017-9841Unspecified
2
CVE-2017-9841 is a critical vulnerability in the PHP testing framework, PHPUnit. It is a software flaw that allows attackers to gain initial access to systems by exploiting it to download and execute a Perl script, thereby opening a reverse shell on the compromised machine. This vulnerability was ac
Log4ShellUnspecified
2
Log4Shell is a significant software vulnerability that exists within the Log4j Java-based logging utility. The vulnerability, officially designated as CVE-2021-44228, allows potential attackers to execute arbitrary code on targeted systems. Advanced Persistent Threat (APT) actors, including LockBit
Source Document References
Information about the Kinsing Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
a month ago
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs
a month ago
security-affairs-malware-newsletter-round-5
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 3
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 3
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 2
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 1
Securityaffairs
2 months ago
Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
4 months ago
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
4 months ago
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
5 months ago
Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading
5 months ago
Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously
Securityaffairs
5 months ago
Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs
5 months ago
Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs
5 months ago
Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs
6 months ago
Security Affairs newsletter Round 463 by Pierluigi Paganini
Securityaffairs
6 months ago
Security Affairs newsletter Round 462 by Pierluigi Paganini
Securityaffairs
6 months ago
Security Affairs newsletter Round 461 by Pierluigi Paganini