AWS Cryptojacking Worm Spreads Through the Cloud
#1
Information 
Quote:The malware harvests AWS credentials and installs Monero cryptominers.
 
A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services (AWS) cloud and collecting credentials. Once the logins are harvested, the malware logs in and deploys the XMRig mining tool to mine Monero cryptocurrency.
 
According to researchers at Cado Security, the worm also deploys a number of openly available malware and offensive security tools, including “punk.py,” a SSH post-exploitation tool; a log cleaning tool; the Diamorphine rootkit; and the Tsunami IRC backdoor.
 
It is, they said, the first threat observed in the wild that specifically targets AWS for cryptojacking purposes. However, it also carries out more familiar fare.
 
“The worm also steals local credentials, and scans the internet for misconfigured Docker platforms,” according to a Monday posting. “We have seen the attackers…compromise a number of Docker and Kubernetes systems.”

Read more: https://threatpost.com/aws-cryptojacking...ud/158427/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AMD prepares Linux support for new Low P...
AMD Linux patch ad...harlan4096 — 07:16
Opera 149.0.7827.197
Dear Opera Users! ...harlan4096 — 07:14
Privazer 4.0.124.1 (28 June 2026)
v4.0.124.1 (28 Jun...harlan4096 — 07:13
GlassWire 3.9.1102 - (June 29, 2026)
Version 3.9.1102 -...harlan4096 — 07:12
AMD Radeon Software Adrenalin 26.6.4 dri...
AMD Radeon Software...harlan4096 — 07:10

[-]
Birthdays
Today's Birthdays
avatar (43)uapedDow
avatar (47)suiscced
avatar (48)Angarpaf
avatar (41)clarissalo60
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (41)optsaZes
avatar (40)RaymondViata
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>