Cryptoworm infecting AWS Cloud to mine cryptocurrency

The nasty cryptoworm also installs a backdoor to pursue further nefarious purposes.

 

Amazon is in cybersecurity news more often than not, with reports of unexposed servers on AWS being breached and the like. Today, though, the reason is much more serious: a worm has been found infecting the AWS cloud while simultaneously scanning the internet to identify vulnerable Docker platforms.



Reported by researchers from Cado Security, the malware steals AWS user credentials using simple code. Believed to be the work of TeamTNT, the worm then uses those credentials to install a mining tool named XMRig, which helps it mine Monero cryptocurrency.



Homepage of the attackers



Yet, this is not all. In addition to this primary activity, it also installs a range of other tools as listed below:


A log cleaner to remove traces of malicious activity
A rootkit named Diamorphine
A post-exploitation tool named punk.py that runs on SSH
A backdoor named Tsunami


 


The attackers also receive reports indicating the total number of systems infected and how many coins have been mined, among other details.



This has brought in approximately 3 XMR/$300 according to the researchers ti ..
