InsideBitcoins.com

Researchers Discover Sophisticated Cloud-Based Mining Malware 

Cybersecurity researchers are shedding light on Bitcoin and cryptocurrencies once more, after the discovery of a new strain of malware that works with Bitcoin miners.

In a report published earlier this month, cybersecurity firm Aqua Security said it has observed a new and persistent malware campaign that targets thousands of Docker systems and runs a Bitcoin miner.

A Massive Target Count 

The company’s report confirmed that it has been recording attacks for months now, as the malware’s operators have chosen to target several thousand victims in a day. The target rate has essentially surpassed what the firm has seen before, the post confirmed. 

Going even deeper, the firm identified that the malware is a Golang-based Linux agent that’s called Kinsing. It looks out for misconfigurations in Docker API ports, then uses them to expand its operations. The malware also runs an Ubuntu container, which downloads it and tries to propagate it to as many hosts as possible. 

The objective of the campaign is to deploy a crypto miner on the compromised host, thus enriching the malware's operators. It does this by exploiting the misconfigured Docker API port, then operating while also evading detection.

Aqua’s study also showed some insights into the malware’s components, with the firm explaining that the campaign is a proper example of how cloud-native environments can be corrupted and taken advantage of. The firm pointed out that attackers are more sophisticated in their approach, and enterprise security teams will need to be more effective in developing threat mitigation strategies. 

The firm provided a few pointers to security teams, including the identification of all cloud-based resources that their clients use and grouping them into a logical structure. Authentication and authorization policies should also be properly reviewed, and basic security policies should be adjusted on the “least privilege” basis. 

Security companies can also look into logs to identify anomalous user actions and implement cloud security tools.  
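As an illustration of the authentication review recommended above, the following added example (not taken from Aqua's report or from this article) audits a Docker `daemon.json` for API listeners that accept connections without client-certificate authentication, the kind of misconfiguration Kinsing looks for. The sample configuration is constructed; treating 2375-style plaintext listeners on non-loopback addresses as critical is this example's own severity choice.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample of /etc/docker/daemon.json (not taken from the report).
SAMPLE_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375", "tcp://127.0.0.1:2375"],
  "tls": false
}
"""

def _is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host or a DNS name: conservatively treat as reachable

def audit_daemon_config(config):
    """Return (severity, listener, reason) for each risky TCP API listener."""
    # tlsverify makes the daemon demand a client certificate signed by tlscacert.
    mutual_tls = bool(config.get("tlsverify")) and bool(config.get("tlscacert"))
    server_tls_only = bool(config.get("tls")) and not mutual_tls
    findings = []
    for listener in config.get("hosts", []):
        parts = urlsplit(listener)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// sockets are not reachable over the network
        if mutual_tls:
            continue  # clients must authenticate with a certificate
        severity = "medium" if _is_loopback(parts.hostname or "") else "critical"
        reason = ("TLS without client certificate verification" if server_tls_only
                  else "plaintext API with no authentication")
        findings.append((severity, listener, reason))
    return findings

if __name__ == "__main__":
    for severity, listener, reason in audit_daemon_config(json.loads(SAMPLE_DAEMON_JSON)):
        print(f"[{severity}] {listener}: {reason}")
```

Listeners can also be set with `-H` flags on the `dockerd` command line, which this check does not read, so the service unit should be reviewed as well.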

Vollgar: The Silent Crypto Mining Malware

Kinsing isn’t the only sophisticated malware that’s been making the rounds lately. Last week, Guardicore Labs announced that it had been able to identify a new mining malware strain that has been operating for up to 2 years. 

In a blog post, the firm identified Vollgar, a threat actor that mines Vollar, a little-known altcoin. The firm explained that the malware targets Windows machines that run MS-SQL servers – machines of which, by its estimate, only about 500,000 are left in the world.

While these servers are scarce, they’ve become especially famous for the massive processing power that they provide, as well as the ability to store valuable personal and financial information. Guardicore Labs explained that once Vollgar infects a server, it kills off the processes of other threat actors entirely, then it deploys multiple backdoors, crypto miners, and Remote Access Trojans.

Attacks with the tool have come from over 120 IP addresses, although most appear to be localized in China. Guardicore also opined that most of these addresses correspond to compromised machines that are being used to target more victims.

Jimmy has been following the development of blockchain for several years, and he is optimistic about its potential to democratize the financial system.