Linux-Targeting Cryptojacking Malware Disables Cloud-Based Security Measures: Report

Published at: Jan. 18, 2019

A new cryptojacking malware has the ability to disable cloud-based security measures to avoid detection on Linux servers, according to research published Jan. 17 by information security company Palo Alto Networks.

The malware in question mines Monero (XMR) and is reportedly a modified version of one used by the so-called “Rocke” group, originally discovered by cybersecurity firm Talos in August last year. According to the research, one of the first things that the malware does is check for other cryptocurrency mining processes and add firewall rules to block any other cryptojacking malware.

The malware reportedly also searches for cloud security services from Chinese internet giants Tencent and Alibaba and neutralizes them in an attempt to remain concealed. Ryan Olson, vice president for threat intelligence at Palo Alto Networks, explained:

“This evolution indicates that attackers who are compromising hosts operating in cloud platforms are now attempting to evade security products that are specific to those platforms.”

The malware also reportedly takes advantage of known vulnerabilities in older versions of Apache Struts 2, Oracle WebLogic and Adobe ColdFusion to infect systems. However, keeping that software updated to the latest version prevents the attack, according to the report.

As Cointelegraph reported in December last year, cryptojacking malware activity rose by over 4000 percent in 2018, according to a new quarterly report published by cybersecurity firm McAfee Labs.

According to another report published the same month, 415,000 MikroTik routers had been affected by cryptojacking malware at that time, double the number of infected devices recorded the previous summer.
