Crypto-Mining Hacking Groups Wage War in the Cloud

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Two hacking groups connected to large-scale malicious crypto-mining campaigns have been targeting each other's cryptominers as part of an ongoing battle to get control of vulnerable cloud-based infrastructure.

The first of the two crypto-mining (also known as cryptojacking) attackers is Pacha Group, a threat group of Chinese origins profiled by Intezer Labs while pushing a cryptocurrency mining malware named Linux.GreedyAntd and first detected during September 2018.

At the time, Intezer Labs' researchers discovered that the group's Linux.GreedyAntd malware is designed to hunt down other cryptojacking malware already present on the systems it manages to infect, a technique previously used by similar malware strains [1, 2, 3]

To drop their cryptomining malware, Pacha Group "launch a brute-force attack against services like WordPress or PhpMyAdmin, or used a known exploit for an outdated version of alike services," said Intezer Labs.

Linux.GreedyAntd malware architecture

Linux.GreedyAntd malware architecture (Image: Intezer Labs)​
Intezer - Technical Analysis: Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top