Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign


Level 75
Content Creator
Malware Hunter
Aug 17, 2014
Cryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years – in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date.

The attack is still in operation as of this writing – and due to the size and scope of the infrastructure, it will be difficult to fully contain, researchers told Threatpost. Thus far, attackers have hijacked at least 476 Windows and Linux devices, in order to abuse their system resources for mining Monero cryptocurrency.

Right now, the attackers behind this campaign are sticking to cryptojacking – but researchers warn that it is “highly likely” they could find identity and access management (IAM) data on previously-compromised cloud systems, due to the root and administrative access that’s acquired during the malware implantation. This could open the door for future – and more dangerous – attacks.

“It is clear that the WatchDog operators are skilled coders and have enjoyed a relative lack of attention regarding their mining operations,” said researchers with Palo Alto Networks on Wednesday. “While there is currently no indication of additional cloud compromising activity at present (i.e. the capturing of cloud platform identity and access management credentials, access ID or keys), there could be potential for further cloud account compromise.”