A new backdoor Trojan dubbed CowerSnail has been detected targeting Windows computers. Security experts believe that the backdoor Trojan was created by the same cybercriminal gang that weaponised the long-hidden SambaCry bug.
Experts feared that the Samba bug could have morphed into a powerful "worm," similar to WannaCry. SambaCry was weaponised by hackers to install cryptocurrency miners on Linux servers. According to Kaspersky Lab researchers, CowerSnail does not download cryptocurrency miners; instead, it provides backdoor functions.
The Trojan comes with features such as harvesting data, including the type of OS installed, timestamp, host name, information about network interfaces and physical memory, and more. CowerSnail's code is unusual, as the backdoor malware has been created in Qt, a coding framework that allows for developing cross-OS applications.
The backdoor Trojan's C&C (command and control) server is the same as the one used to deliver the cryptocurrency miner to Linux systems running outdated Samba, according to Kaspersky Lab researcher Sergey Yunakovsky.
"SambaCry was designed for *nix-based systems. CowerSnail, meanwhile, was written using Qt, which most probably means the author didn't want to go into the details of WinAPI, and preferred to transfer the *nix code 'as is'. This fact, along with the same C&C being used by both programs, strongly suggests that CowerSnail was created by the same group that created SambaCry," Yunakovsky said.
"After creating two separate Trojans, each designed for a specific platform and each with its own peculiarities, it is highly probable that this group will produce more malware in the future," Yunakovsky added.