Quote:Researchers have identified an updated malware variant used by the cybercrime gang Rocke Group that targets cloud infrastructures with crypto-jacking attacks.
 
The malware is called Pro-Ocean, which was first discovered in 2019, and has now been beefed-up with “worm” capabilities and rootkit detection-evasion features.
 
“This malware is an example that demonstrates that cloud providers’ agent-based security solutions may not be enough to prevent evasive malware targeted at public cloud infrastructure,” said Aviv Sasson with Palo Alto Networks on Thursday. “As we saw, this sample has the capability to delete some cloud providers’ agents and evade their detection.”

Since its discovery in 2018, the Rocke Group has widened its targeting of cloud applications – including Apache ActiveMQ, Oracle WebLogic and open-source data structure store Redis – for mining Monero. Researchers say that since these attacks initially broke out, many cybersecurity companies have kept Pro-Ocean on their radar. Rocke Group’s latest update aims to sidestep these detection and mitigation efforts.