An international data security firm, ESET, has published a report of a malware called Kobalos, a tiny, yet complex Linux and Unix threat, targeting supercomputing clusters.

The ESET report describes Kobalos as a backdoor that works on Linux and Unix. Some compromised servers are turned into a C&C servers to store stolen data or download commands from other compromised servers, some hosts have an OpenSSH credential stealer installed on the system.

It is not known how the root access is gained. On compromised machines ssh file is replaced with a modified executable that steals credentials and writes them to an encrypted file. This is a way how the malware propagates itself, it could also be installed by exploiting a software vulnerability. Anyone connecting to the compromised machine via SSH will have their credentials captured and those could be used by an attacker later.