Blockscroll

A Monero crypto-mining bot is stealing AWS logins for crypto jacking

 According to a report this week by Cado Security, a UK-based cybersecurity organization, hackers are stealing Amazon Web Services (AWS) credentials from its users, in order to deploy a new crypto-jacking botnet. At the time of this article, the attack is still active.
The firm declared this instance to be the first one where hackers are targeting Amazon tools to steal web credentials so that they can do crypto mining. According to the security firm, 119 systems have been hijacked till now.
This bot is not so old and quite recent in fact. It has been active since April, which means that the attackers have only recently started this hijacking. It has been deployed by a cybercrime group called “Team TNT.”
Attacking techniques
Hackers tap into the users’ Amazon accounts through exposed files. These files have configuration details for the underlying AWS account and this enables the attackers to get hold of them. This way they sweep into Amazon’s powerful resources to mine Monero.
The botnet infects the system’s “Docker” so that the attackers can scan the exposed credentials, upload them on a server and get full authority. Finally, they install a Monero mining bot and get their mining done. The attackers are basically using the resources of Amazon to get their crypto-jacking done.
Hackers could profit from the situation
Cado Security has noted that though the attacker has not yet used many of the stolen credentials but this does not mean that it will not. Once the attackers deploy the attack,  Team TNT will be there to boost its profit and this can be done either by  “installing crypto-mining malware in more powerful AWS clusters directly or by selling the stolen credentials on the black market”.

Annie Griffin

Annie Griffin

Annies cryptocurrency enthusiast whose everyday work is revolving around cryptocurrencies She enjoys writing articles and hopes to inspire others in his quest to bring this wonderful technology to the mainstream public.

Highlight option

Turn on the "highlight" option for any widget, to get an alternative styling like this. You can change the colors for highlighted widgets in the theme options. See more examples below.

Instagram

Instagram has returned empty data. Please authorize your Instagram account in the plugin settings .
Annie Griffin

Annie Griffin

Annies cryptocurrency enthusiast whose everyday work is revolving around cryptocurrencies She enjoys writing articles and hopes to inspire others in his quest to bring this wonderful technology to the mainstream public.

Categories count color

Advertisement

Small ads

Flickr

  • Handful
  • do not forget
  • Missing friend
  • Bau
  • Summertime (1955) - David Lean, Ph: Jack Hildyard
  • Summertime (1955) Katharine Hepburn (Jane Hudson), Rossano Brazzi (Renato de Rossi) - David Lean
  • No trouble
  • Ataraxy
  • Peace, love & soul

Social Widget

Collaboratively harness market-driven processes whereas resource-leveling internal or "organic" sources.

ThemeForest

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.