Tuesday, January 26, 00:56

New crypto-mining malware steals AWS credentials


Security researchers have discovered a new crypto-mining campaign capable of stealing AWS credentials from infected servers. This is the first crypto-mining malware that has this capability.

This new data-theft feature was detected in crypto-mining malware used by TeamTNT, a malicious hacking group that targets Docker installations.

The group has been active since at least April, according to a report released by the security company Trend Micro.

According to the researchers' report, TeamTNT scans the Internet for Docker systems that have left their management API exposed to the Internet without a password.

The group then gains access to the API and deploys servers inside the Docker installation that run DDoS and crypto-mining malware. These tactics are not unique; many other hacking groups use the same methods.

However, in a new report published on 17 August, the UK security company Cado Security reports that the TeamTNT gang has upgraded its mode of operation.

Security researchers say that, in addition to their core activity, the TeamTNT hackers have begun launching attacks that target Kubernetes installations.

TeamTNT now steals AWS credentials

In addition to attacking new targets, Cado researchers say the TeamTNT crypto-mining malware has a new feature that scans the underlying infected servers to find and steal Amazon Web Services (AWS) credentials.

If the infected Docker and Kubernetes systems run on AWS infrastructure, the TeamTNT gang scans for ~/.aws/credentials and ~/.aws/config, then copies and uploads both files to its command-and-control server.


Neither of these files is encrypted; both contain credentials and configuration details for the underlying AWS account (and infrastructure) in plain text.
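An added example, not from the article or from Cado Security: a defender-side audit that inventories the two files named above on a host and reports which profiles hold static access keys and whether the file is readable by other users, without ever returning a secret value. The function names and the sample file are constructed for illustration; the AKIA and ASIA prefixes are the standard AWS markers for long-lived and temporary access key IDs.

```python
import configparser
import stat
import tempfile
from pathlib import Path

# Constructed sample: key IDs modelled on the AWS documentation placeholder, dummy secrets.
SAMPLE = """[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = CONSTRUCTED-NOT-A-REAL-SECRET
[ci-session]
aws_access_key_id = ASIAIOSFODNN7EXAMPLE
aws_session_token = CONSTRUCTED-TOKEN
[sso-dev]
sso_account_id = 111122223333
"""

def audit_file(path):
    """List profiles that hold static keys; secret values are never returned."""
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    parser = configparser.RawConfigParser(strict=False)
    parser.read(path)
    findings = []
    for profile in parser.sections():
        key_id = parser[profile].get("aws_access_key_id", "")
        if not key_id:
            continue  # role/SSO profiles store no key material in the file
        kind = {"AKIA": "long-lived", "ASIA": "temporary"}.get(key_id[:4], "unknown")
        findings.append({"profile": profile, "key_type": kind,
                         "key_id_hint": key_id[:4] + "..." + key_id[-4:],
                         "readable_by_others": bool(mode & 0o077)})
    return findings

def audit_homes(home_dirs):
    """Check ~/.aws/credentials and ~/.aws/config under each home directory."""
    results = {}
    for home in map(Path, home_dirs):
        for name in ("credentials", "config"):
            candidate = home / ".aws" / name
            if candidate.is_file():
                results[str(candidate)] = audit_file(candidate)
    return results

def demo():
    # Throwaway home directory holding the constructed sample, mode 0644.
    with tempfile.TemporaryDirectory() as home:
        cred = Path(home, ".aws", "credentials")
        cred.parent.mkdir()
        cred.write_text(SAMPLE)
        cred.chmod(0o644)
        return audit_homes([home])[str(cred)]
```

Profiles reported as long-lived are the ones whose theft gives lasting access; replacing them with instance or pod roles leaves nothing useful in these files to copy.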

Security investigators believe the attackers have not yet used the stolen AWS credentials. They said they sent canary credentials to TeamTNT's C&C server, but none of those accounts had been accessed before August 17, when they published their research.

Nevertheless, TeamTNT is expected to significantly increase its profits, either by installing crypto-mining malware on more powerful AWS EC2 clusters or by selling the stolen credentials on the black market. At this time, Cado does not have a complete picture of TeamTNT's new crypto-mining operation, as the security company was only able to track some of the Monero wallets used by the group to collect cryptocurrency.



Digital Fortress, https://www.secnews.gr