Researchers Discover First Known Malware Targeting Windows Containers
2021-06-07 23:48

Security researchers have discovered the first known malware, dubbed "Siloscape," targeting Windows Server containers to infect Kubernetes clusters in cloud environments.

"Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers," said Unit 42 researcher Daniel Prizmant.

"Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers such as, but not limited to, cryptojackers."

Siloscape, first detected in March 2021, is characterized by several techniques. It targets common cloud applications such as web servers, using known vulnerabilities to gain an initial foothold, and then leverages Windows container escape techniques to break out of the confines of the container and gain remote code execution on the underlying node.

Armed with this privilege, the malware then attempts to abuse the node's credentials to spread across the cluster. It then anonymously establishes a connection to its command-and-control server through a Tor proxy to receive further instructions, which include taking advantage of the computing resources in a Kubernetes cluster for cryptojacking and even exfiltrating sensitive data from applications running in the compromised clusters.

"Unlike other malware targeting containers, which are mostly cryptojacking-focused, Siloscape doesn't actually do anything that will harm the cluster on its own," Prizmant said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/26A21V2RALs/researchers-discover-first-known.html