Cryptomining Malware Uninstalls Cloud Security Products

New samples of cryptomining malware performs a never-before-seen function: uninstalling cloud security products.

Researchers say they have discovered a unique malware family capable of gaining admin rights on targeted systems by uninstalling cloud-security products. Instances of the malicious activity are tied to coin-mining malware targeting Linux servers.

Palo Alto Networks’ Unit 42, which published the report Thursday, said that the malware samples it found do not compromise, end-run or attack the security and monitoring products in question; they rather simply uninstall them from compromised Linux servers.

“In our analysis, these attacks did not compromise these security products: Rather, the attacks first gained full administrative control over the hosts and then abused that full administrative control to uninstall these products in the same way a legitimate administrator would,” Xingyu Jin and Claud Xiao, Unit 42 researchers, said in a technical write-up.

Read More

 
Related Posts
Hackers Behind Healthcare Espionage Infect X-Ray and MRI Machines
Security researchers have uncovered a new hacking group that is aggressively targeting healthcare organizations and related sectors across the globe to conduct corporate espionage. Dubbed "Orangeworm," the hacking group has been ...
READ MORE
Bleedingbit
Researchers from the firm Armis identified two bugs, which impact Bluetooth Low-Energy (BLE) chips used in millions of Cisco, Meraki, and Aruba wireless access points (APs). Cisco has pointed out ...
READ MORE
Hackers Behind Healthcare Espionage Infect X-Ray and MRI
Bleedingbit

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You might also likeclose