New HeadCrab malware variant: 1,000 servers already compromised

In the context of malware, HeadCrab is a name well known to cybersecurity experts.

We are talking about a malicious agent with a single purpose: to infect as many devices as possible and enlist them in a botnet, sometimes exploited for cryptomining, sometimes for DDoS attacks directed at a particular website.

According to researchers at Aqua Security, the malware has resurfaced in a new and disturbing variant, the protagonist of a campaign that, to date, is believed to affect around 1,100 servers.

The new variant features a number of small updates compared to the previous version. In this sense, the malware seems to have refined its evasion capabilities, adding encryption to its control infrastructure and eliminating other features that are easy for cybersecurity tools to spot.

The characteristics of HeadCrab, according to the experts who analyzed this malware, bring it closer and closer to a rootkit. This means that it is able to reach the deepest functions of a device and control its entire operation without particular limitations.

HeadCrab and the curious dialogue between security experts and its creator

This malware has a totally unique detail: a sort of “mini blog” inside it. Here the author of the malware describes some details of its creation, while also offering an anonymous email address through which to contact him.

The Aqua Security researchers therefore made contact with whoever created and manages HeadCrab, a hacker who calls himself Ice9. Incredibly, the two parties began to communicate with each other.

During these conversations, Ice9 stated that the malware does not reduce server performance. Furthermore, according to what he says, HeadCrab removes other malicious agents already present on the affected device. Finally, the hacker cited the researchers themselves on his mini blog, acknowledging that the work carried out by the Aqua researchers was very accurate.
