Cryptocurrency-mining AWS Lambda-specific malware spotted

Cado Security says it has discovered a strain of malware specifically designed to run in AWS Lambda serverless environments and mine cryptocurrency.
While the security firm has only seen the malware running in AWS Lambda, it can be made to run in other Linux-flavored environments, Cado Security CTO and co-founder Chris Doman told The Register this week.
Under the shared-responsibility security model used by Amazon and other cloud providers, AWS secures the underlying environment (Lambda, in this case) while the customer is responsible for securing their own data and the Lambda functions themselves.
In Cado's analysis, it appeared the malware, Denonia, contained a customized variant of the Monero-mining XMRig "along with other unknown functions." During Cado's dynamic analysis, Denonia stopped executing and logged an error about a Lambda AWS environment variable not being defined.
The infosec team also noted that the malware includes several third-party Go libraries, including tools for writing Lambda functions, helpers for retrieving contextual information from a Lambda invoke request, general AWS software development kits for Go, and DNS-over-HTTPS in Go. This use of DNS-over-HTTPS is interesting, Muir noted.
Third-party security analysts were mixed in their reactions to the Lambda malware research.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/04/07/aws_lambda_malware/