Cryptomining Malware Uninstalls Cloud Security Products

New samples of cryptomining malware perform a never-before-seen function: uninstalling cloud security products.

Researchers say they have discovered a unique malware family capable of gaining admin rights on targeted systems by uninstalling cloud-security products. Instances of the malicious activity are tied to coin-mining malware targeting Linux servers.

Palo Alto Networks’ Unit 42, which published the report Thursday, said that the malware samples it found do not compromise, end-run or attack the security and monitoring products in question; rather, they simply uninstall them from compromised Linux servers.

“In our analysis, these attacks did not compromise these security products: Rather, the attacks first gained full administrative control over the hosts and then abused that full administrative control to uninstall these products in the same way a legitimate administrator would,” Xingyu Jin and Claud Xiao, Unit 42 researchers, said in a technical write-up.
