The Palo Alto Networks research unit has uncovered the deployment of new covert Monero-mining malware that spreads in Kubernetes-based container applications.
According to the Unit 42 team, attackers have already begun infecting service nodes by disguising processes under a Linux process name (bioset), injecting libraries via LD_PRELOAD, and encrypting data inside the binary.
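The two host-visible traits named above can be checked from /proc. This is an added example, not code from Unit 42 or from the article: it flags a process that carries the kernel-thread name bioset without being a child of kthreadd (PID 2), and any process started with LD_PRELOAD set. The function names, record layout and sample records are constructed for illustration, and the check assumes it runs in the host PID namespace.

```python
import os

WATCHED_NAMES = {"bioset"}  # kernel-thread name cited in the article; extend as needed

def read_proc(pid, root="/proc"):
    """Collect the fields the checks need from /proc/<pid> (Linux only)."""
    base = os.path.join(root, str(pid))
    def raw(name):
        try:
            with open(os.path.join(base, name), "rb") as f:
                return f.read().decode(errors="replace")
        except OSError:
            return ""  # process exited or file not readable
    status = dict(l.split(":\t", 1) for l in raw("status").splitlines() if ":\t" in l)
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:
        exe = None  # kernel threads have no executable; also None without permission
    env = dict(e.split("=", 1) for e in raw("environ").split("\0") if "=" in e)
    return {"pid": pid, "comm": status.get("Name", "").strip(),
            "ppid": int(status.get("PPid", "0")), "exe": exe,
            "cmdline": raw("cmdline").replace("\0", " ").strip(), "environ": env}

def classify(proc):
    """Return findings for one process record (dict shaped like read_proc output)."""
    findings = []
    # Real kernel threads are kthreadd (PID 2) or its children and have an empty cmdline.
    is_kernel_thread = (proc["pid"] == 2 or proc["ppid"] == 2) and not proc["cmdline"]
    if proc["comm"] in WATCHED_NAMES and not is_kernel_thread:
        findings.append("masquerade")
    preload = proc["environ"].get("LD_PRELOAD")
    if preload:
        findings.append("ld_preload:" + preload)
    return findings

# Constructed sample records, not taken from a real incident.
SAMPLES = [
    {"pid": 37, "comm": "bioset", "ppid": 2, "exe": None, "cmdline": "", "environ": {}},
    {"pid": 4121, "comm": "bioset", "ppid": 1, "exe": "/tmp/example/bioset",
     "cmdline": "bioset", "environ": {"LD_PRELOAD": "/tmp/example/libexample.so"}},
    {"pid": 812, "comm": "nginx", "ppid": 1, "exe": "/usr/sbin/nginx",
     "cmdline": "nginx: master process", "environ": {"PATH": "/usr/bin"}},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["pid"], rec["comm"], classify(rec))
    if os.path.isdir("/proc/self"):  # live scan when run on a Linux host
        for pid in filter(str.isdigit, os.listdir("/proc")):
            hits = classify(read_proc(int(pid)))
            if hits:
                print("live", pid, hits)
```

Reading the environment of other users' processes requires root, so an unprivileged run reports only the name check for those processes.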
Hildegard’s cryptojacking scripts have been circulating since the first half of January, but have so far been largely inactive. Therefore, the researchers suggest that the hacker campaign is in the reconnaissance and deployment stage.
Malware detected for large-scale hidden mining on Kubernetes clusters
The impending attack could have serious consequences, as the malware is capable of not only using computing resources in Kubernetes environments, but also potentially extracting sensitive data from thousands of applications in clusters.
Unit 42 believes that TeamTNT, a hacker group responsible for the Monero stealth mining botnet that has infected millions of IP addresses and launched a worm to steal Amazon Web Services account information, is behind the development of the new scripts.
In the fall, MSI also warned digital asset owners that their funds in crypto wallets could be at risk due to the new Anubis virus.
text: Ivan Malichenko, photo: iStock