Feb 8, 2022

New CoinStomp cryptomining malware targeting cloud services

The IT security researchers at London, United Kingdom-based Cado Security have revealed details of a new malware family that mainly targets Asian cloud service providers in order to conduct cryptocurrency mining.
According to Matt Muir of Cado Security, the attackers are using the CoinStomp malware in a highly sophisticated campaign designed to exploit the CPU resources of targeted devices to mine cryptocurrency.
The malware comprises shell scripts that attempt to take control of “cloud computing instances hosted by cloud service providers” for cryptomining, Cado Security’s blog post read.
The campaign’s tactics include timestomping, removing system cryptographic policies, and initiating C2 communications with the malicious software over a reverse shell. The script then downloads and executes additional payloads as system-wide services running with root privileges, including backdoor binaries and a custom build of XMRig, a Monero mining program.
In addition, CoinStomp issues commands to remove cryptographic policy files from the system and may even kill cryptographic processes.

About CoinStomp Capabilities

CoinStomp boasts several unusual capabilities. For example, it relies on timestomping commands on Linux systems to alter file modification and access times. The malware also tampers with Linux server cryptographic policies, which can otherwise prevent malicious executables from being installed or executed on the system.
CoinStomp’s developer included a feature to disable system-wide cryptographic policies using a single kill command, Cado Security noted.
The researchers also examined clues in the code that hinted at the involvement of a cryptojacking group called Xanthe, which has been linked to the Abcbot botnet.
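The two tactics described above, timestomping and removal of system-wide crypto policies, both leave traces a defender can check for. The following is an added example (not Cado Security's code, and not tied to any CoinStomp sample): a hypothetical forensic triage helper that flags files whose modification time was pushed far behind their inode change time, and reports missing crypto-policy paths under a given root. The one-hour gap threshold and the Fedora/RHEL policy paths are assumptions.

```python
import os
import stat
import tempfile
import time
from pathlib import Path

# Assumption: an mtime more than an hour older than ctime is treated as suspect.
# User-space tools (e.g. touch) can rewrite mtime/atime, but ctime is set by the
# kernel at the moment of the change and cannot be set from user space, so a
# back-dated mtime leaves a large mtime/ctime gap behind.
TIMESTOMP_GAP_SECONDS = 3600

def find_timestomped(root, gap=TIMESTOMP_GAP_SECONDS):
    """Return regular files under root whose ctime exceeds mtime by more than gap.
    Caveat: package-managed files legitimately keep a build-time mtime with an
    install-time ctime, so run this over staging areas (/tmp, /var/tmp, /dev/shm,
    home directories), not over paths owned by the package manager."""
    suspects = []
    for path in Path(root).rglob("*"):
        try:
            st = path.lstat()
        except OSError:
            continue  # unreadable or vanished entry; skip rather than abort
        if stat.S_ISREG(st.st_mode) and st.st_ctime - st.st_mtime > gap:
            suspects.append(str(path))
    return sorted(suspects)

# Assumed system-wide crypto policy locations (Fedora/RHEL crypto-policies layout).
CRYPTO_POLICY_PATHS = ("/etc/crypto-policies/config", "/etc/crypto-policies/back-ends")

def check_crypto_policies(root="/"):
    """Return the crypto-policy paths that are missing under root.
    On a host that normally ships them, a missing path matches the removal tactic."""
    return [rel for rel in CRYPTO_POLICY_PATHS
            if not (Path(root) / rel.lstrip("/")).exists()]

def demo():
    """Constructed scenario in a temp dir: one untouched file and one whose
    mtime has been back-dated by 30 days, the effect a timestomp would have."""
    root = tempfile.mkdtemp()
    Path(root, "normal.bin").write_bytes(b"ok")
    stomped = Path(root, "staged_miner.bin")
    stomped.write_bytes(b"constructed sample payload")
    old = time.time() - 30 * 86400
    os.utime(stomped, (old, old))  # rewrites atime/mtime; ctime becomes "now"
    return find_timestomped(root), check_crypto_policies(root)

if __name__ == "__main__":
    suspects, missing = demo()
    print("timestomp suspects:", suspects)
    print("missing crypto-policy paths:", missing)
```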

However, the company claims that the clue, which they discovered in a defunct payload URL, is insufficient to establish the involvement of Xanthe as it could very well be an attempt to “foil attribution.”

“CoinStomp demonstrates the sophistication and knowledge of attackers in the cloud security space. Employing anti-forensics techniques and weakening the target machine by removing cryptographic policies demonstrates not only a knowledge of Linux security measures but also an understanding of the incident response process.”  

Cado Security

