The AWS cloud service is used by several enterprises of various sizes around the world and, according to Cado's research, is put at risk of infection by a malware aimed at mining cryptocurrency by exploiting the hardware resources of the computers affected by the attack. From the researchers' analysis, a 64-bit ELF executable file has emerged, which draws from third-party GitHub hybrideries.
There are various types of malware, some more dangerous than others if ( jQuery ("# crm_srl-th_hardware_d_mh2_1").
As of today, it's not known the attack vector exploited for the distribution of malware in Lambda environments, however, the team hypothesizes the use of scripts aimed at acquiring access credentials or secret codes from configurations with insufficient protection measures.
The malware runs in memory a customized version of XMRig, a miner that exploits the hardware resources of the target systems to mine the Monero cryptocurrency. Consequently, the main purpose of Denonia would be precisely to provide a means to divert hardware resources towards the generation of resalable virtual currencies.
Cado researchers commented on the discovery highlighting one aspect in particular: although it is a somewhat "harmless" malware, since it only runs crypto-mining software, it still demonstrates that cyber-criminals they have an advanced knowledge of the cloud, since they have been able to exploit a rather complex infrastructure and this raises concern for possible more serious attacks that could be perpetrated in the future.
Read also: Antivirus | The best of 2022