Security News

Cryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years - in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date. Thus far, attackers have hijacked at least 476 Windows and Linux devices, in order to abuse their system resources for mining Monero cryptocurrency.

A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers said in a Thursday write-up.

Threatpost editors discuss a cryptomining malware targeting AWS systems, a recent development in a lawsuit against the IBM-owned Weather Channel app, and more. Listen to the full podcast below or download direct here.

A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services cloud and collecting credentials. Attacking AWS. The attack starts with targeting the way that AWS stores credentials in an unencrypted file at ~/.aws/credentials, and additional configuration details in a file at ~/.aws/config.

A malicious cryptocurrency miner and DDoS worm that has been targeting Docker systems for months now also steals Amazon Web Services credentials. The worm still scans for open Docker APIs, then spins up Docker images and install itself in a new container, but it now also searches for exploitable Kubernetes systems and files containing AWS credentials and configuration details - just in case the compromised systems run on the AWS infrastructure.

A recently identified piece of cryptojacking malware includes functionality that enables its operators to launch distributed denial of service attacks, Palo Alto Networks reports. The malware enables itself with debug privilege and begins operation by launching several threads.

With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service attacks and mine cryptocurrencies. According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the purpose of these Docker images is to generate funds by deploying a cryptocurrency miner using Docker containers and leveraging the Docker Hub repository to distribute these images.

BlackBerry announced on Wednesday that the latest release of its Optics endpoint security product now includes a feature designed to protect Intel-based PCs against cryptomining malware. As a result of the collaboration between the two companies, version 2.5.1100 of BlackBerry's Optics product uses a Context Analysis Engine that leverages CPU data from Intel's Threat Detection Technology to detect and block cryptojacking attempts.

BlackBerry has added a new feature to its endpoint detection and response platform Optics: An Intel-powered cryptojacking malware detection system. BlackBerry claims its cryptojacking EDR has "Virtually no processor impact" on Windows 10 systems that Optics runs on, allowing "Organizations [to] detect and mitigate cryptojacking with greater precision and consistent results across all types of workloads."

Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost's server management infrastructure.