Cryptojacking malware gets past cloud security programs by uninstalling them

Why break through a barrier if you can just remove it? A piece of cryptojacking malware observed by Palo Alto Networks researchers is equipped to completely uninstall cloud security services from Linux-based servers before carrying out its malicious coin-mining.

In a report published Thursday, Palo Alto Networks’ Unit 42 research team said the malware is spread by the cyberthreat group “Rocke,” whose cryptojacking activity was initially documented by Cisco Talos. A Chinese-speaking threat actor, the Rocke group is known for using the computing power of infected Linux-based systems to mine the cryptocurrency Monero.

Whereas past versions of the Rocke group’s malware tried to evade detection by disabling only certain aspects of a cloud security service, the new variant simply removes the entire program, according to Palo Alto Networks. The researchers say Rocke added code that can gain administrative access on the infected server and uninstall five different cloud security and monitoring […]

The post Cryptojacking malware gets past cloud security programs by uninstalling them appeared first on CyberScoop.