
SoylentNews is people

posted by Fnord666 on Sunday August 23 2020, @05:07PM
from the coinfounding? dept.

AWS Cryptojacking Worm Spreads Through the Cloud:

A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services (AWS) cloud and collecting credentials. Once the logins are harvested, the malware logs in and deploys the XMRig mining tool to mine Monero cryptocurrency.

According to researchers at Cado Security, the worm also deploys a number of openly available malware and offensive security tools, including "punk.py," an SSH post-exploitation tool; a log cleaning tool; the Diamorphine rootkit; and the Tsunami IRC backdoor.

It is, they said, the first threat observed in the wild that specifically targets AWS for cryptojacking purposes. However, it also carries out more familiar fare.

"The worm also steals local credentials, and scans the internet for misconfigured Docker platforms," according to a Monday posting. "We have seen the attackers...compromise a number of Docker and Kubernetes systems."

[...] Cado researchers suggested that to thwart such attacks, businesses should identify which systems are storing AWS credential files and delete them if they aren't needed. Also, review network traffic for any connections to mining pools or those sending the AWS credentials file over HTTP; and, use firewall rules to limit any access to Docker APIs.
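
The first recommendation above, finding out which systems hold AWS credential files, can be scripted. The following is an added example, not code from the article or from Cado Security; it assumes the default AWS CLI layout (`.aws/credentials` under each home directory), and the function names and the sample directory tree are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile
from pathlib import Path

def find_credential_files(root):
    """Yield every file named 'credentials' that sits in a '.aws' directory."""
    for dirpath, _dirs, files in os.walk(root):
        if Path(dirpath).name == ".aws" and "credentials" in files:
            yield Path(dirpath) / "credentials"

def audit(path):
    """Summarise one credentials file without ever returning the secret key."""
    parser = configparser.RawConfigParser()
    parser.read(path)
    findings = []
    for profile in parser.sections():
        key_id = parser.get(profile, "aws_access_key_id", fallback="")
        if not key_id:
            continue
        mode = path.stat().st_mode
        # AKIA prefixes long-term IAM user keys; ASIA prefixes temporary STS keys.
        findings.append({
            "file": str(path),
            "profile": profile,
            "key_id_tail": key_id[-4:],  # enough to match against the IAM console
            "kind": "long-term" if key_id.startswith("AKIA") else "temporary/other",
            "others_can_read": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        })
    return findings

def inventory(root):
    """Audit every credentials file found below root."""
    return [row for path in find_credential_files(root) for row in audit(path)]

def demo():
    """Build a constructed home-directory tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        aws_dir = Path(root) / "home" / "build" / ".aws"
        aws_dir.mkdir(parents=True)
        cred = aws_dir / "credentials"
        # Constructed sample: AWS's documentation example key ID, placeholder secret.
        cred.write_text("[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
                        "aws_secret_access_key = CONSTRUCTED-PLACEHOLDER\n")
        cred.chmod(0o644)  # deliberately too permissive, to show the flag
        return inventory(root)

if __name__ == "__main__":
    print(demo())
```

Pointing `inventory()` at `/home` and `/root` on a host lists the files to delete or rotate; a profile reported as long-term on a server or container that does not need it is the case the recommendation is about.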



 
  • (Score: 1) by fustakrakich on Sunday August 23 2020, @05:15PM (4 children)

    by fustakrakich (6150) on Sunday August 23 2020, @05:15PM (#1040856) Journal

    When it rains it pours...

    --
    Politics and criminals are the same thing..
  • (Score: 0) by Anonymous Coward on Sunday August 23 2020, @05:31PM (3 children)

    by Anonymous Coward on Sunday August 23 2020, @05:31PM (#1040863)

    Shouldn't it be "Geek" Comedy?

    • (Score: 1) by fustakrakich on Sunday August 23 2020, @05:34PM (1 child)

      by fustakrakich (6150) on Sunday August 23 2020, @05:34PM (#1040865) Journal

      No, it's "Geek" Tragedy. They accepted the gift Trojan Horse full of marketing droids and were swiftly overrun.

      --
      Politics and criminals are the same thing..
      • (Score: 0) by Anonymous Coward on Sunday August 23 2020, @05:39PM

        by Anonymous Coward on Sunday August 23 2020, @05:39PM (#1040868)

        Trojan doesn't make horses.

    • (Score: 0) by Anonymous Coward on Sunday August 23 2020, @05:37PM

      by Anonymous Coward on Sunday August 23 2020, @05:37PM (#1040867)

      Tragedy