A new version of a Linux crypto-mining malware previously used to target Docker containers in 2020 now focuses on new cloud service providers like the Huawei Cloud.
The analysis of the new campaign comes from researchers at TrendMicro, who explains how the malware has evolved with new features while retaining its previous functionality.
More specifically, the newer samples have commented out the firewall rules creation function (but it's still there) and continue to drop a network scanner to map other hosts with API-relevant ports.