Cryptojackers Disable Alibaba Cloud Security Agent

Security experts have warned that threat actors are compromising Alibaba Cloud (Aliyun) infrastructure to deploy cryptocurrency mining malware.

The Chinese tech giant is a popular choice for infrastructure-as-a-service (IaaS) in South-East Asia. Yet, cybersecurity software company Trend Micro warned that its Elastic Computing Service (ECS) instances are also an increasingly common target for financially motivated hackers.

Several features of the platform are being targeted by these groups to enhance their chances of success, according to the report.

Although Alibaba ECS comes with a security agent, some actors can uninstall or disable it on compromise. Even if it is still running and detects a malicious script, it is then the customer’s responsibility to take action, said Trend Micro. Customers must take care to configure the product properly, as the default Alibaba ECS instance provides root access.

“In this situation, the threat actor has the highest possible privilege upon compromise, including vulnerability exploitation, any misconfiguration issue, weak credentials or data leakage. Thus, advanced payloads such as kernel module rootkits and achieving persistence via running system services can be deployed,” the researchers wrote.

“Given this feature, it comes as no surprise that multiple threat actors target Alibaba Cloud ECS simply by inserting a code snippet for removing software found only in Alibaba ECS.”

Alibaba ECS also has an auto-scaling feature that automatically adjusts computing resources based on the volume of user requests. However, this can run up addition ..

Support the originator by clicking the read the rest link below.