Palo Alto Networks' Unit 42 cybersecurity research team has warned of new malware that can target and disable cloud security products in order to mine the Monero cryptocurrency on affected computers.

Samples of the malware were collected last October and are believed to have been developed by the notorious Rocke group. The Cisco Talos Intelligence Group first discovered last July that Rocke was trying to access cloud storage services.

Unit 42 discovered that five different cloud security products, developed by China-based Tencent Cloud and Alibaba Cloud (Aliyun), could be uninstalled from compromised servers running Linux. “In our analysis, these attacks did not compromise these security products: rather, the attacks first gained full administrative control over the hosts and then abused that full administrative control to uninstall these products in the same way a legitimate administrator would,” the researchers Xingyu Jin and Claud Xiao explained.

“To the best of our knowledge, this is the first malware family that developed the unique capability to target and remove cloud security products,” they added.

According to Unit 42, Rocke is able to exploit vulnerabilities in Apache Struts 2, Oracle WebLogic, and Adobe ColdFusion. To evade detection by the Cloud Workload Protection Platforms that cloud service providers each develop, it isn’t enough for the malware to kill the monitoring service processes; it has to uninstall the products altogether, as Rocke has managed to do.

“We believe this unique evasion behavior will be the new trend for malware which targets public cloud infrastructure,” the researchers warned.

Already, Unit 42 is coordinating with Tencent Cloud and Alibaba Cloud to solve the issue.

Cybersecurity solutions provider Check Point Software Technologies Ltd. recently released its report on the top malware threats globally, in which the top three were all cryptocurrency miners. Coinhive has been the malware with the largest global reach for 13 months straight.

McAfee Labs has reported that mining malware increased by over 4,000% in just a year’s time, as of the end of September 2018.
