perm_phone_msgConsider your business risks? Chat With US

An AWS Virtual Machine Is Infected With Mining Malware. There Could Be Others – CoinDesk

Ransomware BCyber todayAugust 29, 2020 18

share close

A cybersecurity firm has unearthed a monero mining script embedded in a public instance of an Amazon Web Service (AWS) virtual machine. Now the firm is raising the question: How many other community Amazon Machine Instances (AMIs) are infected with the same malware?

Researchers at Mitiga revealed in a blog post Friday an AWS AMI for a Windows 2008 virtual server hosted by an unverified vendor is infected with a Monero mining script. The malware would have infected any device running the AMI with the purpose of using the device’s processing power to mine the privacy coin monero in the background – a malware attack that has become all too common in crypto’s digital wild west.

“Mitiga’s security research team has identified an AWS Community AMI containing malicious code running an unidentified crypto (Monero) miner. We have concerns this may be a phenomenon, rather than an isolated occurrence,” the blog post reads.

Mitiga discovered this monero script in a Community AMI for a Windows 2008 Server while conducting a security audit for a financial services company. In its analysis, Mititga concluded that the AMI was created with the sole purpose of infecting devices with the mining malware, as the script was included in the AMI’s code from day one.

“As to how Amazon allows this to happen, well, this is the biggest question that arises from this discovery, but it’s a question that should also be directed to AWS’s (sic) Comms team,” the team told CoinDesk over email.

CoinDesk reached out to Amazon Web Services to learn more about its approach to handling unverified AMI publishers but a representative declined to comment. Amazon Web Service’s documentation includes the caveat that users choose to use Community AMIs “at [their] own risk” and that Amazon “can’t vouch for the integrity or security of [these] AMIs.”

Mitiga’s principal concern is that this malware could be one of several bugs worming around in unverified AMIs. The fact that Amazon does not provide transparent data regarding AWS use exacerbates this worry, the firm told CoinDesk.

Mitiga recommends that any entity running a community AMI should terminate it immediately and search for a replacement from a trusted vendor. At the very least, businesses that rely on AWS should painstakingly review the code before integrating unverified AMIs into their business logic. 

Mining malware could actually be the most innocuous form of infection a business may experience, the firm continued in the post. The worst-case scenario includes an AMI installing a backdoor on a business’ computer or ransomware that would encrypt the company’s files with the aim of extorting it for money to regain access.

This content was originally published here.

Written by: BCyber

Rate it
Previous post

Similar posts

Ransomware BCyber / October 19, 2020

Ad-light, Malware-heavy # Chris Dzombak

Ad-light, Malware-heavy Since December 17, Forbes has been running an experiment wherein some fraction of visitors who are running ad blockers are blocked from accessing Forbes articles until they disable their ad blocker. In exchange, Forbes promises an “ad-light experience”: A Forbes article published yesterday claims that this interstitial resulted in 42.4% of visitors turning ...

Read more trending_flat