Security News > 2020 > August > Crypto-Mining Worm Targets AWS Credentials

Cado Security has identified a crypto-mining worm that attempts to steal Amazon Web Services credentials belonging to the organizations whose systems it has infected.
The TeamTNT worm can also scan for open Docker APIs, execute Docker images and install itself.
Analysis of the worm revealed numerous references to TeamTNT, as well as a link to the malware-hosting domain teamtnt[.
The TeamTNT malware contains code copied from a worm called Kinsing, the researchers say.
With most crypto-mining worms featuring code copied from predecessors, Cado Security expects future threats to include the ability to steal AWS credentials as well.
News URL
Related news
- Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers (source)
- Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets (source)
- New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials (source)
- Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials (source)