Cryptojacking malware targeting cloud apps gets new upgrades, worming capability | SC Media

A piece of cryptojacking malware with a penchant for targeting the cloud has gotten some updates that make it easier to spread and harder for organizations to detect when their cloud applications have been commandeered.


New research from Palo Alto’s Unit 42 details how Pro-Ocean, which was used throughout 2018 and 2019 to illegally mine Monero from infected Linux machines, has been quietly updated by the threat actor Rocke Group after it was exposed by Cisco Talos and other threat researchers in recent years.


Pro-Ocean is composed of four modules, each designed to further distinct goals: hiding the malware, mining Monero, infecting more applications and searching for and disabling other processes that drain CPU so the malware can mine more efficiently.


It leverages known, years-old vulnerabilities in Apache ActiveMQ, Oracle WebLogic, Redis and other cloud applications to deploy a hidden XMRig miner in cloud environments. It can also be ..
