Researchers Recently Discovered A New Mysterious Malware Strain - Olmec Skip to main content

Researchers Recently Discovered A New Mysterious Malware Strain

By July 8, 2019May 17th, 2022Cybersecurity

Researchers at the cybersecurity firm Anomali have discovered a completely new type of malware that’s disturbing on several levels.

Worse is the fact that the researchers aren’t quite sure what it does.

The new strain has been dubbed ‘IPStorm’ by its creators, who at this point, remain unknown.

Of interest is the fact that it is the first malware found in the wild that makes use of the IPFS P2P network for its command and control communication.  By doing so, it can hide its network activity amid legitimate streams of P2P network traffic, making it virtually undetectable. IPFS is an open source P2P file sharing network used to store and share files.  Among other things, it’s currently being used to host a version of Wikipedia that can be accessed in countries where access to the website proper is blocked.

The malware has been written in the Go programming language, but researchers haven’t been able to ascertain at this point how it begins its initial infection cycle.  They have discovered that the malware package itself has been split into a number of parts, which is an indication that the group responsible for its initial development knows what they’re doing.

The researchers added: “By breaking functionality out into different Go packages, the codebase is easier to maintain.  Also, the threat actor can break out things into modules to make it easier to swap out or reuse functionality.”

On top of that, IPStorm comes with a number of antivirus-evasion techniques built-in. When it copies itself onto a target system, it uses folder names that relate to Microsoft or Adobe systems, making it unlikely that even a savvy, observant user would notice it right away.

The researchers estimate that right now, the IPStorm botnet consists of some 3,000 machines, which is a surprisingly small number and a clear indication that the malware is in a very early stage of development.  Keep this one on your radar.  It’s not a big threat at the moment, but it certainly has the potential to be a major problem in the months ahead.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.