Security News > 2020 > August > Crypto-Mining Worm Targets AWS Credentials
2020-08-20 03:48
Cado Security has identified a crypto-mining worm that attempts to steal Amazon Web Services credentials belonging to the organizations whose systems it has infected.
The TeamTNT worm can also scan for open Docker APIs, execute Docker images and install itself.
Analysis of the worm revealed numerous references to TeamTNT, as well as a link to the malware-hosting domain teamtnt[.
The TeamTNT malware contains code copied from a worm called Kinsing, the researchers say.
With most crypto-mining worms featuring code copied from predecessors, Cado Security expects future threats to include the ability to steal AWS credentials as well.
News URL
Related news
- New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining (source)
- New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining (source)
- Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns (source)
- Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking (source)