Monero Mining Malware Discovered on Amazon Web Services

[ad_2][ad_1]

Mitiga, an emergency response and incident response company, discovered that a product available on the Amazon Web Services Marketplace contained Monero mining malware. Mitiga published the findings, noting that he discovered the malware while conducting a security audit for a financial services company.

“Mitiga’s security research team has identified an AWS community AMI containing malicious code that runs an unidentified Monero crypto miner,” according to the Mitiga blog post. “We fear this may be a phenomenon rather than an isolated event.”

Malware on AWS Marketplace

Unfortunately, the AWS Marketplace allows anyone to sell virtual services on their market. While the market is full of verified suppliers, it also contains offers from unverified community members.

Mitiga discovered that a community member was selling a Windows 2008 virtual server that secretly used the computing power of whoever downloaded it to mine Monero in the background. While it may come as a surprise that Monero mining malware was featured on Amazon’s AWS Marketplace, Amazon’s policy clearly states that:

“Amazon cannot guarantee the integrity or security of AMIs shared by other Amazon EC2 users. Therefore, you should treat shared AMIs as you would any external code that you may consider deploying in your data center and perform appropriate due diligence. we recommend getting an AMI from a trusted source. “

Reduce the attack vector

To avoid falling victim to malware that may reside within the community offerings on the AWS marketplace, Mitiga recommends “testing or terminating these instances [unverified offerings]and looking for AMI from reliable sources “

“Because customer usage of AWS is clouded, we cannot know how far this phenomenon extends without an AWS investigation,” Mitiga said. “However, we believe the potential risk is high enough to issue a security warning to all AWS customers using community AMIs.”

New to Bitcoin? Check out CoinGeek Bitcoin for beginners section, the ultimate resource guide to learn more about Bitcoin, as originally intended by Satoshi Nakamoto, and blockchain.

[ad_2]Source link