Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Amazon’s cloud services are being used to serve mining malware
New cryptojacking threat uses ‘drive-by’ infection techniques to install Monero mining software.
As part of ongoing efforts to monitor the explosion of cryptocurrency mining malware over the last year or so, researchers have turned the spotlight on a new threat that is tucked away on Amazon’s AWS cloud services, looking to infect computers and use their processing power to mine cryptocurrency.
This ‘Xbooster’ malware has, so-far, netted its owner are $100,000 worth of the hard-to-track crypto, Monero. While that, in the run of things, is not such a large amount, researchers at Netskope, which has been tracking its progress, believe the threat to computers – which could suffer drops in performance, and become much more susceptible to other intrusive software – is growing, as the activities of Xbooster are quite hard to detect in isolation. That’s because the processor demand for Monero mining is small compared to Bitcoin – the hit could still be significant, though.
Interestingly, the software is being dropped onto computers via sites hosted by Amazon’s AWS cloud hosting services – though it is not connected in any way to the firm’s recent addition of blockchain-based suites of software for enterprise users. Krishna Narayanaswamy, founder and chief scientist of Netskope, told Quartz that the rise of Xbooster is “an ongoing issue,” adding that “we need to educate people about adopting security solutions.”
So-called ‘drive-by’ attacks usually involve getting people to click a link in a phishing email or compromised website. In this instance, when such an event happens, Xbooster installs mining and management elements on the infected machine. A similar scheme was recently exposed by InfoSec researchers, who claimed Egyptian internet tracking hardware was also hijacking computers to the same ends.
After seeking comment from Amazon, Quartz was told that “AWS employs a number of mitigation techniques, both manual and automated, to prevent the misuse of the services. We have automatic systems in place that detect and block many attacks before they leave our infrastructure. Our terms of usage are clear and when we find misuse we take action quickly and shut it down.”
Whether or not AWS staff are actively working to mitigate for Xbooster is unclear.
Investors Care Admin

Forum Jump:

Users browsing this thread: 1 Guest(s)