Huawei Cloud hit with cryptomining malware
Date:
Tue, 12 Oct 2021 13:25:26 +0000
Description:
Originally designed to attack containers, Linux malware has evolved to target cloud environments, claim researchers.
FULL STORY ======================================================================
A modified version of a Linux cryptomining malware that previously attacked containers now targets relatively new cloud service providers, particularly Huawei Cloud, report researchers.
Cybersecurity analysts from TrendMicro have shared insights into the malware, and how it has evolved from last year's container-attacking variant to go after cloud environments.
In the post, the researchers share how malicious actors deploy code that removes applications and services present mainly in Huawei Cloud.
Analyzing the modus operandi of the attackers leads TrendMicro to believe that the threat actors are going after Amazon Elastic Cloud Service (ECS) instances inside Huawei Cloud.

Weeding out competition

The researchers note that the malware disables the hostguard service, a
Huawei Cloud Linux agent process whose purpose is to detect and flag any security issues.
Moreover, the malware contains an open source plugin agent that's designed to allow Huawei Cloud users to reset a password to their ECS instances.
"As threat actors have these two services present in their shell scripts, we can assume that they are specifically targeting vulnerable ECS instances inside Huawei Cloud," explain TrendMicro researchers Alfredo Oliveira and David Fiser.
In their analysis of the malware, the researchers note that, interestingly, it puts in the time and effort to search for and terminate any other malware running on the attacked cloud environment.
"More than any other samples and campaigns we've seen so far, this campaign performs a comprehensive sanitization of the operation system. It looks for both signs of previous infections and for security tools that could stop its malicious routines," the researchers comment.
The researchers have shared their analysis with Huawei, but have yet to get a response.
======================================================================
Link to news story:
https://www.techradar.com/news/huawei-cloud-hit-with-cryptomining-malware/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)