19 August 20, 12:34
Quote:The malware harvests AWS credentials and installs Monero cryptominers.
A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services (AWS) cloud and collecting credentials. Once the logins are harvested, the malware logs in and deploys the XMRig mining tool to mine Monero cryptocurrency.
According to researchers at Cado Security, the worm also deploys a number of openly available malware and offensive security tools, including “punk.py,” a SSH post-exploitation tool; a log cleaning tool; the Diamorphine rootkit; and the Tsunami IRC backdoor.
It is, they said, the first threat observed in the wild that specifically targets AWS for cryptojacking purposes. However, it also carries out more familiar fare.
“The worm also steals local credentials, and scans the internet for misconfigured Docker platforms,” according to a Monday posting. “We have seen the attackers…compromise a number of Docker and Kubernetes systems.”
Read more: https://threatpost.com/aws-cryptojacking...ud/158427/