A Monero crypto-mining bot is stealing AWS logins for crypto-jacking

According to a report this week by Cado Security, a UK-based cybersecurity organization, hackers are stealing Amazon Web Services (AWS) credentials from users in order to deploy a new crypto-jacking botnet. At the time of this article, the attack is still active.

The firm declared this to be the first instance of hackers targeting Amazon tools to steal web credentials for crypto mining. According to the security firm, 119 systems have been hijacked so far.

The bot is quite recent. It has been active since April, which means that the attackers have only recently started this hijacking. It has been deployed by a cybercrime group called “Team TNT.”

Attacking techniques

Hackers tap into users’ Amazon accounts through exposed files. These files contain configuration details for the underlying AWS account, and their exposure lets the attackers get hold of those details. This way they gain access to Amazon’s powerful resources to mine Monero.

The botnet infects Docker on the system so that the attackers can scan for exposed credentials, upload them to a server and gain full authority. Finally, they install a Monero mining bot and start mining. In effect, the attackers are using Amazon’s resources for their crypto-jacking.
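
A defender-side check for the exposure described above, as an added example that is not taken from Cado Security's report or from this article: it walks a directory tree for the AWS CLI's default shared credentials file (.aws/credentials, a path the article does not name) and flags profiles holding long-term keys and files readable by other users. The function names and the sample keys are constructed for illustration.

```python
import configparser
import os
import tempfile

def audit_aws_credentials(root):
    """Find AWS shared credentials files under root and flag risky ones."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != ".aws" or "credentials" not in files:
            continue
        path = os.path.join(dirpath, "credentials")
        parser = configparser.ConfigParser(interpolation=None)
        try:
            parser.read(path)
        except (configparser.Error, UnicodeDecodeError):
            findings.append({"path": path, "error": "unparseable"})
            continue
        # Long-term IAM user keys: an access key stored with no session token.
        long_term = sorted(
            name for name in parser.sections()
            if parser.has_option(name, "aws_access_key_id")
            and not parser.has_option(name, "aws_session_token"))
        findings.append({"path": path, "long_term_profiles": long_term,
                         "open_to_others": bool(os.stat(path).st_mode & 0o077)})
    return findings

def build_sample_tree(root):
    """Constructed sample data: two home directories holding fake keys."""
    samples = {
        "alice": ("[default]\naws_access_key_id = AKIAEXAMPLEEXAMPLE00\n"
                  "aws_secret_access_key = constructed-secret\n", 0o644),
        "bob": ("[ci]\naws_access_key_id = ASIAEXAMPLEEXAMPLE00\n"
                "aws_secret_access_key = constructed-secret\n"
                "aws_session_token = constructed-token\n", 0o600),
    }
    for user, (body, mode) in samples.items():
        aws_dir = os.path.join(root, "home", user, ".aws")
        os.makedirs(aws_dir)
        path = os.path.join(aws_dir, "credentials")
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_aws_credentials(tmp):
            print(finding)
```

Any profile it reports as long-term is a key that stays valid until it is rotated, so those are the files to replace with role-based or short-lived credentials first.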

Hackers could profit from the situation

Cado Security has noted that although the attacker has not yet used many of the stolen credentials, this does not mean that it will not. Once the attackers deploy the attack, Team TNT will be in a position to boost its profit, either by “installing crypto-mining malware in more powerful AWS clusters directly or by selling the stolen credentials on the black market”.

Jacob Brown

Jacob is a finance graduate working as a full-time crypto writer. He is actively working to spread awareness about cryptocurrencies and their impact on traditional currencies.
