Rocke Group is back again with an Updated Malware

Rocke Blogs | IEMLabs

Recently, security researchers have detected an updated malware brought to action by the Rocke group. The threat actor Rocke was first reported in late July 2018 and is known for targeting cloud infrastructures with cryptojacking attacks. The ultimate goal of this threat is to mine Monero cryptocurrency in compromised Linux machines.

The updated malware is called Pro-Ocean and it was first discovered in 2019. The latest version of the malware has "worm" capabilities and rootkit detection-evasion features. It has a four-module structure, consisting of a rootkit module, a mining module, a watchdog module, and an infection module. The malware has been used to exploit known vulnerabilities in applications such as Oracle WebLogic and Apache ActiveMQ, and to target unsecured Redis instances.

The malware uses a Python infection script to carry out its newly added worm capabilities, while the rootkit capabilities are used to conceal the malicious activity. It also uninstalls monitoring agents to avoid detection, attempts to remove other malware and miners before installing itself, and after installation kills any process that uses the CPU heavily.

By Hrithik Lall

