Sunday, July 21, 2024
HomeCyber CrimeAsian Cloud Service Providers Face Threats from CoinStomp Cryptominer

Asian Cloud Service Providers Face Threats from CoinStomp Cryptominer

CoinStomp, a new malware family that mines cryptocurrencies on cloud services, has been discovered. This malware appears to be targeting cloud service providers in Asia at the moment.

The CoinStomp: What is it ?

The findings from CoinStomp are presented below.

CoinStomp provides a number of features, including timestamping, deactivating system-wide cryptographic policies, and employing a /dev/tcp reverse shell to initiate C2 communication.

On Linux systems, the timestamping feature manipulates timestamps using the touch command and a naturally available method of building a reverse shell or C2 communication channel.

Additionally, some evidence of a cryptojacking threat group known as Xanthe has been discovered in code. According to researchers, however, the evidence was insufficient to support this allegation.

Techniques that are anti-forensic

The malware tries to mess with Linux server cryptographic policies to avoid forensic actions against itself.

These restrictions are designed to prevent malicious executables from running. As a result, before engaging in any action, authors use the kill command to disable system-wide cryptographic settings.

Furthermore, any attempt by administrators to reverse that operation ensures that the malware fulfils its objectives.

CoinStomp uses a reverse shell to connect to its C2 server in the next stage. Additional payloads are then downloaded and executed as system-wide system services with root capabilities by the script.

Binaries for creating backdoors and a bespoke version of XMRig could be included in these payloads.

Conclusion

To undermine Linux security, the attackers are eliminating cryptographic policies. The employment of anti-forensic tactics suggests that attackers are also aware of incident response systems. These capabilities demonstrate attackers’ understanding and expertise in terms of cloud security, making it a serious danger.

Previous article
Next article
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with ssyoutube.com
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us