A new type of malware has appeared that uses the computing power of cloud servers to mine cryptocurrency. What sets this virus apart is that it is not detected by security systems.
Researchers at the California-based cyber-security company Palo Alto Networks have published a report on the Rocke group's malicious scripts, which attack cloud infrastructure. Once on the server, the virus gains administrative control and removes all security-related components. The script then injects code that uses the server's capacity to mine Monero.
Investigating infected servers running Linux, the experts found that the virus had successfully removed five different cloud-server security products, among them those of the largest cloud service providers in China, Alibaba and Tencent.
According to experts, Rocke exploits vulnerabilities in Apache Struts 2, Oracle WebLogic and Adobe ColdFusion software. A shell script called “a7” is loaded onto the server, which disables anti-mining software and hides its presence by disabling security systems.
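Because the behaviour described above (stopping, killing or uninstalling the host's security agents) leaves a trace in command auditing, a defender can alert on it. The following is an added example, not code from the article or from Palo Alto Networks' report; the agent service names and the audit lines are constructed placeholders that you would replace with the real agents deployed on your hosts.

```python
"""Flag audit lines in which a protected security agent is stopped, killed or removed."""
import re
from dataclasses import dataclass

# Assumed service names of the cloud security agents to protect (placeholders).
PROTECTED_SERVICES = {"cloud-security-agent", "host-ids-agent"}

# One regex per tampering action; the service name is always capture group 2.
TAMPER_PATTERNS = {
    "stop": re.compile(r"\bsystemctl\s+(stop|disable|mask)\s+(\S+)"),
    "kill": re.compile(r"\b(pkill|killall)\s+(?:-\d+\s+)?(\S+)"),
    "uninstall": re.compile(
        r"\b(rpm\s+-e|apt(?:-get)?\s+(?:remove|purge)|yum\s+remove)\s+(\S+)"),
}


@dataclass(frozen=True)
class Alert:
    line_no: int
    action: str
    service: str


def _canonical(name: str) -> str:
    """Strip a trailing '.service' so 'x.service' and 'x' compare equal."""
    return name[:-len(".service")] if name.endswith(".service") else name


def find_agent_tampering(lines, protected=PROTECTED_SERVICES):
    """Return one Alert per line that stops, kills or removes a protected agent."""
    alerts = []
    for n, line in enumerate(lines, start=1):
        for action, pattern in TAMPER_PATTERNS.items():
            match = pattern.search(line)
            if match and _canonical(match.group(2)) in protected:
                alerts.append(Alert(n, action, _canonical(match.group(2))))
    return alerts


# Constructed sample of command-audit lines (not real logs).
SAMPLE_LINES = [
    "cmd: systemctl status cloud-security-agent",
    "cmd: systemctl stop cloud-security-agent.service",
    "cmd: pkill -9 host-ids-agent",
    "cmd: rpm -e cloud-security-agent",
    "cmd: systemctl restart nginx",
]

if __name__ == "__main__":
    for alert in find_agent_tampering(SAMPLE_LINES):
        print(f"line {alert.line_no}: {alert.action} of protected agent {alert.service}")
```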
“As far as we know, this is the first family of viruses that has the unique ability to impact and remove cloud infrastructure security products,” the researchers said.
It is worth noting that Monero still holds the title of the most popular cryptocurrency among hackers. Last week a study was published whose authors concluded that at least 4.32% of all Monero tokens in circulation were mined using cryptojacking.
In October, Monero developers launched a dedicated site to combat this phenomenon. The resource contains information on how to remove XMR viruses from your computer. However, just a month later, the Israeli company Check Point Software Technologies reported on the malicious miner KingMiner, which evolves so that it cannot be detected.