AT&T Alien Labs warns of 'zero or low detection' for TeamTNT's latest malware bundle
2021-09-08 12:15

AT&T's Alien Labs security division has sounded the alarm on a malware campaign from TeamTNT which, it claims, has gone almost entirely undetected by anti-virus systems - and which is turning target devices into cryptocurrency miners.

Described by Alien Labs researcher Ofer Caspi as "One of the most active threat groups since 2020," TeamTNT is known for its use - and abuse - of open-source security tools for everything from finding vulnerable targets to dropping remote-control shells.

Now, AT&T's Alien Labs has shone more light on Chimaera - and says that not only has it been in active use since July but that it is "Responsible for thousands of infections globally" across Windows, Linux, AWS, Docker, and Kubernetes targets - and all while avoiding detection from anti-virus and anti-malware tools.

"In July 2021, TeamTNT began running the Chimaera campaign using new tools," Caspi explained.

"As of the publishing of this report, many of the samples analysed by Alien Labs have zero or low detection on VirusTotal" - a tool now owned by Google which scans submitted files against a phalanx of competing antivirus engines, providing a quick overview of detection coverage across a range of commercial products.

"The developers of open-source tools who do not want malware authors to use them usually do as much as they can to avoid it," Caspi told us.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/08/att_alien_labs_warns_of/