
New malware targets security to mine cryptocurrency undetected

By Nicholas Sakelaris

Jan. 17 (UPI) -- Researchers have uncovered a new type of malware that can remove security features on Linux cloud servers without detection.

Palo Alto Networks' Unit 42 released a report Thursday linking the malware to Rocke, a group of hackers who infiltrate servers and use them to mine cryptocurrency.


"During our analysis, we realized that these samples used by the Rocke group adopted new code to uninstall five different cloud security protection and monitoring products from compromised Linux servers," Unit 42 said in a statement. "In our analysis, these attacks did not compromise these security products: rather, the attacks first gained full administrative control over the hosts and then abused the full administrative control to uninstall these products in the same way a legitimate administrator would."
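The defensive lesson in that statement is that the attacker's removal of the agents looked like ordinary administration, so there is no exploit signature to match; what a defender can watch for is the removal itself. The following is an added detection example written for this article, not code from Unit 42's report or from either cloud provider. It assumes a constructed auditd-style execution log format, hypothetical agent package names (`cloud-security-agent`, `cloud-monitor-daemon`), and a hypothetical list of accounts approved to remove them; all three are placeholders, not names from the page.

```python
"""Flag removal or disabling of security-agent packages in command execution logs.

Added example: the log format, package names and approved-user list are
constructed assumptions, not values from the article or Unit 42's report.
"""
import re
import shlex
from dataclasses import dataclass

# Hypothetical agent package names standing in for real cloud-monitoring products.
WATCHED_PACKAGES = {"cloud-security-agent", "cloud-monitor-daemon"}

# Sub-commands or flags that remove a package or stop/disable its service.
REMOVAL_VERBS = {
    "apt": {"remove", "purge"},
    "apt-get": {"remove", "purge"},
    "yum": {"remove", "erase"},
    "dnf": {"remove", "erase"},
    "rpm": {"-e", "--erase"},
    "dpkg": {"-r", "-P", "--remove", "--purge"},
    "systemctl": {"stop", "disable", "mask"},
}

# Accounts whose agent removals are covered by a change ticket (hypothetical).
APPROVED_CHANGE_USERS = {"ops-deploy"}

# Constructed log format: type=EXECVE user=<name> a="<full command line>"
LINE_RE = re.compile(r'type=EXECVE user=(?P<user>\S+) a="(?P<cmd>[^"]*)"')


@dataclass
class Alert:
    user: str
    tool: str
    package: str
    line: str


def parse_line(line):
    """Return (user, command) for a matching log line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group("user"), m.group("cmd")


def removal_target(cmd):
    """Return (tool, package) if cmd removes/disables a watched package, else None."""
    argv = shlex.split(cmd)
    if argv and argv[0] == "sudo":  # root via sudo still counts as an admin action
        argv = argv[1:]
    if not argv:
        return None
    tool = argv[0].rsplit("/", 1)[-1]  # tolerate absolute paths such as /usr/bin/yum
    verbs = REMOVAL_VERBS.get(tool)
    if not verbs:
        return None
    args = argv[1:]
    if not any(a in verbs for a in args):
        return None  # install/update/status, not a removal
    for a in args:
        name = a.split(".service")[0]  # systemctl stop foo.service -> foo
        if name in WATCHED_PACKAGES:
            return tool, name
    return None


def scan(lines):
    """Alert on watched-package removals by anyone outside the approved set."""
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        user, cmd = parsed
        hit = removal_target(cmd)
        if hit and user not in APPROVED_CHANGE_USERS:
            alerts.append(Alert(user, hit[0], hit[1], line))
    return alerts


# Constructed sample log: two unapproved removals, one approved, two unrelated.
SAMPLE_LOG = [
    'type=EXECVE user=root a="/usr/bin/yum remove -y cloud-security-agent"',
    'type=EXECVE user=ops-deploy a="apt-get purge cloud-monitor-daemon"',
    'type=EXECVE user=root a="systemctl stop cloud-monitor-daemon.service"',
    'type=EXECVE user=alice a="apt-get install htop"',
    'type=EXECVE user=root a="rpm -e nginx"',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"ALERT user={alert.user} tool={alert.tool} package={alert.package}")
```

Running it on the sample log raises two alerts (the `yum remove` and the `systemctl stop` by `root`) and stays silent on the `ops-deploy` removal and the unrelated commands. The useful property is that the rule keys on the administrative action against the agent rather than on any malware artifact, which is exactly the gap the Rocke samples exploited; in practice the log would come from auditd or a cloud provider's command audit, and the alert should fire before, not after, the agent's own telemetry stops.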

The goal is to gain access to computing resources to mine cryptocurrency without being detected. Cryptocurrency-mining malware is one of the biggest threats to all connected devices, from mobile phones and Internet of Things devices to data centers.

The security products meant to detect these cyber invasions were developed by Tencent Cloud and Alibaba Cloud, the two leading cloud providers in China. Both are working on products to address the vulnerabilities. Unit 42 believes this is the first malware capable of targeting and removing cloud security products without anyone knowing.


This news comes as more businesses and individuals move more of their services to the cloud. The federal government is also pushing to move more of its operations to the cloud.
