Crypto-mining worm steal AWS credentials

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,124
Content source
https://www.zdnet.com/article/crypto-mining-worm-steal-aws-credentials/
Security researchers have discovered what appears to be the first crypto-mining malware operation that contains functionality to steal AWS credentials from infected servers.

This new data-stealing feature was spotted in the malware used by TeamTNT, a cybercrime group that targets Docker installs.

The group has been active since at least April, according to research published earlier this year by security firm Trend Micro.
Per the report, TeamTNT operates by scanning the internet for Docker systems that have been misconfigured and have left their management API exposed on the internet without a password.

But in a new report published today, UK security firm Cado Security says the TeamTNT gang has recently updated its mode of operation.
Cado researchers say that besides the original functionality, TeamTNT has now also expanded its attacks to target Kubernetes installations.
Click to expand...
 
  • Like
  • +Reputation
Reactions: Andy Ful, [correlate], Nevi and 4 others
[correlate]

[correlate]

Level 18
Verified
Top Poster
Well-known
May 4, 2019
825
The malware harvests AWS credentials and installs Monero cryptominers.
A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services (AWS) cloud and collecting credentials. Once the logins are harvested, the malware logs in and deploys the XMRig mining tool to mine Monero cryptocurrency.
Click to expand...
threatpost.com

AWS Cryptojacking Worm Spreads Through the Cloud

The malware harvests AWS credentials and installs Monero cryptominers.
threatpost.com threatpost.com
 
  • Like
Reactions: Gandalf_The_Grey, ForgottenSeer 85179, Nevi and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
Malware News Global infostealer malware operation targets crypto users, gamers
Replies
0
Views
1,595
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Classiscam fraud-as-a-service expands, now targets banks and 251 brands
Replies
0
Views
1,074
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Malware News Qilin ransomware now steals credentials from Chrome browsers
Replies
0
Views
1,659
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top