Security News > 2020 > August > Crypto-Mining Worm Targets AWS Credentials

Cado Security has identified a crypto-mining worm that attempts to steal Amazon Web Services credentials belonging to the organizations whose systems it has infected.
The TeamTNT worm can also scan for open Docker APIs, execute Docker images and install itself.
Analysis of the worm revealed numerous references to TeamTNT, as well as a link to the malware-hosting domain teamtnt[.
The TeamTNT malware contains code copied from a worm called Kinsing, the researchers say.
With most crypto-mining worms featuring code copied from predecessors, Cado Security expects future threats to include the ability to steal AWS credentials as well.
News URL
Related news
- Triplestrength hits victims with triple trouble: Ransomware, cloud hijacks, crypto-mining (source)
- Hackers pose as employers to steal crypto, login credentials (source)
- Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets (source)
- New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials (source)