Crypto-mining worm steal AWS credentials

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,055
Security researchers have discovered what appears to be the first crypto-mining malware operation that contains functionality to steal AWS credentials from infected servers.

This new data-stealing feature was spotted in the malware used by TeamTNT, a cybercrime group that targets Docker installs.

The group has been active since at least April, according to research published earlier this year by security firm Trend Micro.
Per the report, TeamTNT operates by scanning the internet for Docker systems that have been misconfigured and have left their management API exposed on the internet without a password.

But in a new report published today, UK security firm Cado Security says the TeamTNT gang has recently updated its mode of operation.
Cado researchers say that besides the original functionality, TeamTNT has now also expanded its attacks to target Kubernetes installations.
 

[correlate]

Level 18
Top Poster
Well-known
May 4, 2019
801
The malware harvests AWS credentials and installs Monero cryptominers.
A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services (AWS) cloud and collecting credentials. Once the logins are harvested, the malware logs in and deploys the XMRig mining tool to mine Monero cryptocurrency.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top