Rocke Group’s Malware Now Has Worm Capabilities
2021-01-28 20:06

Researchers have identified an updated malware variant used by the cybercrime gang Rocke Group that targets cloud infrastructures with crypto-jacking attacks.

The malware, called Pro-Ocean, was first discovered in 2019 and has now been beefed up with "Worm" capabilities and rootkit detection-evasion features.

Once downloaded, the malware attempts to remove other malware and cryptominers, including Luoxk, BillGates, XMRig and Hashfish.

The malware is made up of four components: a rootkit module that installs a rootkit and various other malicious services; a mining module that runs the XMRig miner; a Watchdog module that executes two Bash scripts; and an infection module that contains "Worm" capabilities.

The Pro-Ocean malware has also added new rootkit capabilities that cloak its malicious activity.

"Cryptojacking malware targeting the cloud is evolving as attackers understand the potential of that environment to mine for crypto coins. We previously saw simpler attacks by the Rocke Group, but it seems this group presents an ongoing, growing threat. This cloud-targeted malware is not something ordinary since it has worm and rootkit capabilities. We can assume that the growing trend of sophisticated attacks on the cloud will continue."


News URL

https://threatpost.com/rocke-groups-malware-now-has-worm-capabilities/163463/