An AWS Virtual Machine Is Infected With Mining Malware. There Could Be Others

Written by:
Aeon Flux
Published on:
22 August 2020

Aug 21, 2020 at 13:00 UTC. Updated Aug 21, 2020 at 17:08 UTC.

A cybersecurity firm has unearthed a monero mining script embedded in a public instance of an Amazon Web Services (AWS) virtual machine. Now the firm is raising the question: How many other community Amazon Machine Instances (AMIs) are infected with the same malware?

Researchers at Mitiga revealed in a blog post Friday that an AWS AMI for a Windows 2008 virtual server, hosted by an unverified vendor, is infected with a monero mining script. The malware would have infected any device running the AMI with the purpose of using the device’s processing power to mine the privacy coin monero in the background – a malware attack that has become all too common in crypto’s digital wild west.

“Mitiga’s security research team has identified an AWS Community AMI containing malicious code running an unidentified crypto (Monero) miner. We have concerns this may be a phenomenon, rather than an isolated occurrence,” the blog post reads.

Monero meets AMI

Businesses and other entities use Amazon Web Services to spin up what are called “EC2” instances of popular programs and services. Also known as virtual machines, these EC2s are developed by third parties and are deployed under the Amazon Machine Instance framework, and businesses leverage these services to lower the costs of compute power for their business operations. AWS users can source these services from Amazon Marketplace AMIs, which come from Amazon-verified vendors, or from Community AMIs, which are unverified.

Mitiga discovered this monero script in a Community AMI for a Windows 2008 Server while conducting a security audit for a financial services company. In its analysis, Mitiga concluded that the AMI was created with the sole purpose of infecting devices with the mining malware, as the script was included in the AMI’s code from day one.

[Image: Code for the monero mining script. Source: Mitiga]

Outside of the financial services company that hired Mitiga to review the AMI, the cybersecurity firm is unaware of how many other entities and devices may be infected with the malware. 

“As to how Amazon allows this to happen, well, this is the biggest question that arises from this discovery, but it’s a question that should also be directed to AWS’s (sic) Comms team,” the team told CoinDesk over email.

CoinDesk reached out to Amazon Web Services to learn more about its approach to handling unverified AMI publishers, but a representative declined to comment. Amazon Web Services’ documentation includes the caveat that users choose to use Community AMIs “at [their] own risk” and that Amazon “can’t vouch for the integrity or security of [these] AMIs.”

[Image: The AWS page containing the Community AMI that is infected with the malware. Source: Mitiga]

One-off event or one of many?

Mitiga’s principal concern is that this malware could be one of several bugs worming around in unverified AMIs. The fact that Amazon does not provide transparent data regarding AWS use exacerbates this worry, the firm told CoinDesk.

“As AWS customer usage is obfuscated, we can’t know how far and wide this phenomenon stretches without AWS’s own investigation. We do however believe that the potential risk is high enough to issue a security advisory to all AWS customers using Community AMIs.”

Mitiga recommends that any entity running a community AMI should terminate it immediately and search for a replacement from a trusted vendor. At the very least, businesses that rely on AWS should painstakingly review the code before integrating unverified AMIs into their business logic. 
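
Acting on that recommendation starts with knowing which running instances were launched from an unverified image. The following is an added example, not code from Mitiga or CoinDesk: it classifies instances by AMI owner using JSON shaped like the output of `aws ec2 describe-instances` and `aws ec2 describe-images`. The account IDs, instance IDs and AMI IDs are constructed sample values.

```python
import json

# Constructed sample data, shaped like the JSON printed by
# `aws ec2 describe-instances` and `aws ec2 describe-images --image-ids ...`.
INSTANCES = json.loads("""{"Reservations": [{"Instances": [
  {"InstanceId": "i-0001", "ImageId": "ami-aaaa1111"},
  {"InstanceId": "i-0002", "ImageId": "ami-bbbb2222"},
  {"InstanceId": "i-0003", "ImageId": "ami-cccc3333"},
  {"InstanceId": "i-0004", "ImageId": "ami-dddd4444"}]}]}""")
IMAGES = json.loads("""{"Images": [
  {"ImageId": "ami-aaaa1111", "OwnerId": "222222222222",
   "ImageOwnerAlias": "amazon", "Public": true},
  {"ImageId": "ami-bbbb2222", "OwnerId": "999999999999", "Public": true},
  {"ImageId": "ami-cccc3333", "OwnerId": "111111111111", "Public": false}]}""")

OWN_ACCOUNTS = {"111111111111"}                 # constructed account ID
VERIFIED_ALIASES = {"amazon", "aws-marketplace"}

def classify_image(image, own_accounts):
    """Return the provenance class of one describe-images record."""
    if image is None:
        # Deregistered or no longer shared: provenance cannot be checked.
        return "unresolved"
    alias = image.get("ImageOwnerAlias")
    if alias in VERIFIED_ALIASES:
        return alias
    if image.get("OwnerId") in own_accounts:
        # Caveat: a self-owned AMI may itself have been built from a community AMI.
        return "self"
    # Public image from an unknown account is a Community AMI;
    # a non-public one was shared privately by another account.
    return "community" if image.get("Public") else "shared"

def audit(instances_doc, images_doc, own_accounts):
    """List (instance, ami, class) for every instance needing review."""
    images = {img["ImageId"]: img for img in images_doc.get("Images", [])}
    findings = []
    for reservation in instances_doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            origin = classify_image(images.get(inst["ImageId"]), own_accounts)
            if origin not in VERIFIED_ALIASES and origin != "self":
                findings.append((inst["InstanceId"], inst["ImageId"], origin))
    return sorted(findings)

if __name__ == "__main__":
    for instance_id, ami_id, origin in audit(INSTANCES, IMAGES, OWN_ACCOUNTS):
        print(f"{instance_id} launched from {ami_id}: {origin}")
```

Instances reported as `unresolved` deserve the same scrutiny as `community` ones, since a publisher can deregister an image after it has been used.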

Mining malware could actually be the most innocuous form of infection a business may experience, the firm continued in the post. The worst-case scenario includes an AMI installing a backdoor on a business’ computer or ransomware that would encrypt the company’s files with the aim of extorting it for money to regain access.

The attack is the latest in a trend of so-called “crypto-jacking” attacks. Monero is the coin of choice among attackers thanks to its mining algorithm, which can be run easily using a computer’s CPU and GPU. When attackers infect enough computers and pool their resources, the collective hashpower is enough to merit a pretty payday.

If Mitiga’s fears are true, other AMIs may have infected user devices with monero mining scripts and gone unnoticed.

Disclosure

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.
