Crypto-Mining Hacking Groups Wage War in the Cloud

silversurfer
Thread author
Two hacking groups connected to large-scale malicious crypto-mining campaigns have been targeting each other's cryptominers as part of an ongoing battle to get control of vulnerable cloud-based infrastructure.

The first of the two crypto-mining (also known as cryptojacking) attackers is Pacha Group, a threat group of Chinese origins profiled by Intezer Labs while pushing a cryptocurrency mining malware named Linux.GreedyAntd and first detected during September 2018.

At the time, Intezer Labs' researchers discovered that the group's Linux.GreedyAntd malware is designed to hunt down other cryptojacking malware already present on the systems it manages to infect, a technique previously used by similar malware strains [1, 2, 3].

To drop their cryptomining malware, Pacha Group "launch a brute-force attack against services like WordPress or PhpMyAdmin, or used a known exploit for an outdated version of alike services," said Intezer Labs.

Linux.GreedyAntd malware architecture (Image: Intezer Labs)
Intezer - Technical Analysis: Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud
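The post says the group's initial access is a brute-force attack against WordPress or phpMyAdmin logins. The script below is an added example written for this thread, not code from the post or from Intezer Labs; it flags source IPs that hammer those login endpoints in a web server access log. It assumes the log is in the Apache/nginx combined format, and the endpoint paths, threshold and time window are my own choices; the log lines at the bottom are constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx combined log format (assumption: the server logs in this format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Login endpoints to watch (hypothetical list matching the WordPress and
# phpMyAdmin targets named in the post; extend it for your own installs).
LOGIN_PATH_PREFIXES = ("/wp-login.php", "/phpmyadmin")


def parse_ts(raw):
    # e.g. "10/Mar/2019:10:00:01 +0000"
    return datetime.strptime(raw, "%d/%b/%Y:%H:%M:%S %z")


def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: peak_attempts} for IPs that POST to a login endpoint at
    least `threshold` times inside any sliding `window` of time.

    Status codes are deliberately ignored: WordPress and phpMyAdmin both
    answer a failed login with HTTP 200 and the form again, so the burst
    of POSTs is the signal, not the response code."""
    attempts = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0].lower()
        if not path.startswith(LOGIN_PATH_PREFIXES):
            continue
        attempts[m["ip"]].append(parse_ts(m["ts"]))

    flagged = {}
    for ip, times in attempts.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits inside `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


# Constructed sample log: one IP brute-forcing wp-login.php, one IP making
# two phpMyAdmin login attempts, and ordinary browsing in between.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2019:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3419
198.51.100.9 - - [10/Mar/2019:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 12034
203.0.113.7 - - [10/Mar/2019:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3419
203.0.113.7 - - [10/Mar/2019:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3419
198.51.100.9 - - [10/Mar/2019:10:00:12 +0000] "POST /phpMyAdmin/index.php HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2019:10:00:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3419
192.0.2.44 - - [10/Mar/2019:10:00:20 +0000] "GET /wp-login.php HTTP/1.1" 200 2210
203.0.113.7 - - [10/Mar/2019:10:00:27 +0000] "POST /wp-login.php HTTP/1.1" 200 3419
198.51.100.9 - - [10/Mar/2019:10:00:31 +0000] "POST /phpMyAdmin/index.php HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2019:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3419
"""


if __name__ == "__main__":
    for ip, peak in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {peak} login POSTs within one minute")
```

Run against a real log with `find_bruteforce(open("/var/log/apache2/access.log").readlines())`; the threshold and window should be tuned to the site, since a single office NAT address can legitimately produce a handful of logins in a minute, and the flagged IPs are candidates for a fail2ban-style block rather than proof of compromise.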