Upgraded crypto-mining malware now steals AWS credentials

The crypto-mining malware used by the cybercrime group TeamTNT has been updated with new functionality that allows it to steal AWS credent...

The crypto-mining malware used by the cybercrime group TeamTNT has been updated with new functionality that allows it to steal AWS credentials from infected servers.

The group has been operating since at least April of this year according to a report from Trend Micro, whose researchers discovered its cyptocurrency miner along with a DDoS bot used to target Docker systems while investigating an open directory containing malicious files first discovered by MalwareHunterTeam.

TeamTNT scans the internet searching for misconfigured Docker APIs that have been left exposed online without a password. When the group finds a vulnerable Docker system, it deploys servers inside the installation to launch DDoS attacks and run crypto-mining malware. 

However, TeamTNT is just one of many cybercrime gangs that employs similar tactics in order to take advantage of organizations whose systems are not properly secured online.

First cryptocurrency, now credentials

According to a new report from the UK-based security firm Cado Security, TeamTNT has expanded the scope of its malware to target Kubernetes installations while also adding a new feature that scans infected servers for any AWS credentials.

If an infected Docker or Kubernetes system runs on top of AWS infrastructure, the group scans for AWS credentials and configuration files, copies them and then uploads them to its command-and-control server. To make matters worse, both the ~/.aws/credentials and ~/.aws/config files stolen by TeamTNT are unencrypted and contain plaintext credentials and configuration details for a target's AWS account and infrastructure.

Thankfully though, the group has not yet used any of the stolen credentials according to researchers at Cabo Security who sent a collection of canary credentials to its C&C server which have yet to have been used.

Team TNT and its crypto-mining malware pose a serious threat to organizations as the group will likely be able to boost its profits significantly by either selling the stolen credentials or using them to mine additional cryptocurrency.

Via ZDNet

from TechRadar - All the latest technology news https://ift.tt/327UdOT



Apps,3824,Business,145,Camera,1145,Earn $$$,1,Gadgets,1669,Games,893,Mobile,1680,Technology,7673,Trailers,792,Travel,36,Trendly News,13128,Video,3,XIAOMI,11,
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Upgraded crypto-mining malware now steals AWS credentials
Upgraded crypto-mining malware now steals AWS credentials
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy