Security News > 2020 > August > Crypto-Mining Worm Targets AWS Credentials
Cado Security has identified a crypto-mining worm that attempts to steal Amazon Web Services credentials belonging to the organizations whose systems it has infected.
The TeamTNT worm can also scan for open Docker APIs, execute Docker images and install itself.
Analysis of the worm revealed numerous references to TeamTNT, as well as a link to the malware-hosting domain teamtnt[.
The TeamTNT malware contains code copied from a worm called Kinsing, the researchers say.
With most crypto-mining worms featuring code copied from predecessors, Cado Security expects future threats to include the ability to steal AWS credentials as well.