Jan 18, 2019 23:30 UTC

| Updated:

Jan 19, 2019 at 08:12 UTC

Linux Users Beware: Cryptojacking Malware Can Now Evade Cloud-based Security

By Prashant Jha

As per reports by the Palo Alto Networks security firm, a new cryptojacking malware has been introduced that is capable of eluding cloud-based security precautions on Linux servers. On 17th January, this alarming piece of information was revealed, increasing the possibility of hackers getting their hands on crypto holdings of the users.

The malware that has been referred to in the report is meant for mining the Monero cryptocurrency (XMR). It is an improved edition of a malware earlier used by a group called “Rocke”. That particular malware had been identified by Talos, a cybersecurity company in August of 2018.

What this dangerous malware does is it checks whether there is any other crypto mining process that is currently going on in a given system. It then introduces a firewall to make sure a different cryptojacking malware is not able to break in and act before it does.

The virus then looks around for cloud security solutions that may be activated in the given system. Usually, these cloud systems are developed by Chinese majors such as Alibaba or Tencent. Hence, these malwares are adept at identifying solutions from these brands.

Once the identification is complete, the cloud-based security solution is usually neutralised.

Palo Alto Networks’ vice president for threat and intelligence, namely, Ryan Olson commented:

“This evolution indicates that attackers who are compromising hosts operating in cloud platforms are now attempting to evade security products that are specific to those platforms.”

The virus apparently breaches pre-existing weaknesses in some of the earlier versions of Adobe ColdFusion, Oracle WebLogic and Struts 2 to break in. This means that using frequently updated softwares may be a plausible line of defence against this cryptojacking malware.

As the report explained:

“During our analysis, we realized that these samples used by the Rocke group adopted new code to uninstall five different cloud security protection and monitoring products from compromised Linux servers. In our analysis, these attacks did not compromise these security products: rather, the attacks first gained full administrative control over the hosts and then abused that full administrative control to uninstall these products in the same way a legitimate administrator would.”

You May Also Read: Can Cryptocurrency Scams Be Stopped?

Prashant Jha

As a content writer Prashant believes in presenting complex topics in simple laymen terms. He is a tech enthusiast and an avid reader.

Related Posts

Yuga Labs launches BAYC council, Animoca backs Cool Cats and more

READ MORE 2 years ago

BlackRock’s newest ETF invests in 35 blockchain-related firms

READ MORE 2 years ago

New Cosmos whitepaper repurposes ATOM token and refines vision

READ MORE 2 years ago

The market is not surging anytime shortly — therefore get used to dark times

READ MORE 2 years ago

Australian legislator drafts bill geared toward stablecoin, digital yuan regulation

READ MORE 2 years ago

Brave takes aim at Google with privacy-protecting program beta

READ MORE 3 years ago

Altcoin Roundup: Market cycle analysis screamed ‘take profit’ earlier than May 19 sell-off

READ MORE 3 years ago