CryptoWorm Steals Amazon User Data

  • Hackers taught cryptocurrency bot to steal Amazon credentials

  • Virus infects unprotected Docker or Kubernetes platforms

  • Attackers’ income from mining did not exceed $ 300

International consortium of news organizations developing transparency standards.

A virus designed for hidden cryptocurrency mining has learned to steal Amazon Web Services (AWS) credentials from infected servers.

Security experts at Cado Security have discovered a cryptocurrency worm that not only infects devices with malware for mining digital coins, but also searches the Internet for misconfigured or insecure Docker and Kubernetes platforms and steals AWS credentials.

Earlier, the editorial staff of BeInCrypto reported that hackers infected 10 supercomputers in Europe and mined Monero on them.

How it works

Docker services allow developers to create applications and modules that are not tied to a specific operating system and do not require all libraries to be present on it. They package applications into virtual containers that can run in an isolated Unix environment..

Having discovered unprotected storages, attackers deploy new containers to them and load scripts necessary for further attacks. If infected Docker or Kubernetes platforms are running on AWS infrastructure, the virus starts looking for files with credentials and account configuration information.

Who is the villain

Behind the creation of the worm is a relatively young hacker group TeamTNT, which specializes in the creation and distribution of malware for DDoS attacks and cryptocurrency mining..

According to experts from the British Cado Security, companies are increasingly moving their computing power to the cloud and use virtual containers. Hackers are guided by this trend and exploit the vulnerabilities of new technologies.

Cloned worm

Most cryptocurrency mining worms are a variety of other viruses. The authors simply copy the malicious code of their competitors and modify it a bit to suit their needs.

Amazon In Trouble For Using 800 Million User Data

So the worm created by TeamTNT contains a code borrowed from another worm called Kinsing, which blocks the protection of Alibaba Cloud..

CryptoWorm Steals Amazon User Data

The experts were unable to figure out how the hackers use the stolen credentials, while they were able to find two Monero wallets associated with the group. They contain about 3 XMR, which means that at the current exchange rate, the attackers have earned about $ 300. Keep in mind, however, that miners often use multiple wallets to cover their tracks..


All information contained on our website is published in good faith and objectivity, and for informational purposes only. The reader is solely responsible for any actions he takes based on the information received on our website..

Share Article

By admin