AWS Cryptojacking Worm Spreads Through the Cloud:
A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services (AWS) cloud and collecting credentials. Once the logins are harvested, the malware logs in and deploys the XMRig mining tool to mine Monero cryptocurrency.
According to researchers at Cado Security, the worm also deploys a number of openly available malware and offensive security tools, including "punk.py," a SSH post-exploitation tool; a log cleaning tool; the Diamorphine rootkit; and the Tsunami IRC backdoor.
It is, they said, the first threat observed in the wild that specifically targets AWS for cryptojacking purposes. However, it also carries out more familiar fare.
"The worm also steals local credentials, and scans the internet for misconfigured Docker platforms," according to a Monday posting. "We have seen the attackers...compromise a number of Docker and Kubernetes systems."
[...] Cado researchers suggested that to thwart such attacks, businesses should identify which systems are storing AWS credential files and delete them if they aren't needed. Also, review network traffic for any connections to mining pools or those sending the AWS credentials file over HTTP; and, use firewall rules to limit any access to Docker APIs.
(Score: 1) by fustakrakich on Sunday August 23 2020, @05:15PM (4 children)
When it rains it pours...
La politica e i criminali sono la stessa cosa..
(Score: 0) by Anonymous Coward on Sunday August 23 2020, @05:31PM (3 children)
Shouldn't it be "Geek" Comedy?
(Score: 1) by fustakrakich on Sunday August 23 2020, @05:34PM (1 child)
No, it's "Geek" Tragedy. They accepted the gift Trojan Horse full of marketing droids and were swiftly overrun
La politica e i criminali sono la stessa cosa..
(Score: 0) by Anonymous Coward on Sunday August 23 2020, @05:39PM
Trojan doesn't make horses.
(Score: 0) by Anonymous Coward on Sunday August 23 2020, @05:37PM
Tragedy