Asian Cloud Service Providers Face Threats from CoinStomp Cryptominer


CoinStomp, a new malware family that mines cryptocurrencies on cloud services, has been discovered. This malware appears to be targeting cloud service providers in Asia at the moment.

CoinStomp: What is it?

The findings on CoinStomp are summarised below.

CoinStomp has a number of capabilities, including timestomping (manipulating file timestamps), deactivating system-wide cryptographic policies, and using a /dev/tcp reverse shell to initiate C2 communication.

On Linux systems, the timestomping feature rewrites timestamps with the touch command, and /dev/tcp is a natively available way of building a reverse shell or C2 communication channel without dropping extra tooling.

Additionally, some evidence pointing to a cryptojacking threat group known as Xanthe has been found in the code. According to the researchers, however, the evidence was insufficient to support that attribution.

Anti-forensic techniques

The malware tries to tamper with the Linux server's cryptographic policies to avoid forensic actions against itself.

These policies are designed to prevent malicious executables from running. As a result, before engaging in any other action, the authors use the kill command to disable the system-wide cryptographic settings.

Furthermore, the malware ensures that it fulfils its objectives even if administrators attempt to reverse that operation.

In the next stage, CoinStomp uses a reverse shell to connect to its C2 server. The script then downloads additional payloads and executes them as system-wide system services running with root privileges.

Binaries for creating backdoors and a bespoke version of XMRig could be included in these payloads.
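As an added example (not part of the original article or the researchers' tooling), a small Python hunt script for two of the artefacts described above: files whose modification time has been set back with touch (the kernel still advances ctime, so a large mtime/ctime gap is the tell) and systemd unit files that reference bash's /dev/tcp pseudo-device. The scan paths and the one-week threshold are assumptions.

```python
"""Hypothetical hunt script for CoinStomp-style artefacts on a Linux host
(added example; not code from the original report)."""
import re
from pathlib import Path
from typing import List

# Heuristic 1: `touch -d`/`touch -r` rewrite mtime, but the kernel still sets
# ctime to "now", so an mtime far older than ctime suggests timestomping.
# Assumption: a gap of a week or more is worth a look. Package managers that
# preserve archive mtimes produce the same pattern, so treat hits as leads.
TIMESTOMP_GAP_SECONDS = 7 * 24 * 3600

# Heuristic 2: bash's /dev/tcp pseudo-device inside a unit file is a strong
# indicator of a reverse-shell service installed for persistence.
DEV_TCP_RE = re.compile(r"/dev/tcp/")


def find_timestomped(root: str, gap: int = TIMESTOMP_GAP_SECONDS) -> List[str]:
    """Return files under `root` whose mtime lags ctime by more than `gap`."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        st = path.stat()
        if st.st_ctime - st.st_mtime > gap:
            hits.append(str(path))
    return sorted(hits)


def find_dev_tcp_units(unit_dir: str) -> List[str]:
    """Return systemd .service files under `unit_dir` that reference /dev/tcp."""
    hits = []
    for path in Path(unit_dir).rglob("*.service"):
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable unit; skip rather than abort the sweep
        if DEV_TCP_RE.search(text):
            hits.append(str(path))
    return sorted(hits)


if __name__ == "__main__":
    # Assumed locations; adjust to the host being examined.
    for f in find_timestomped("/usr/local/bin"):
        print("possible timestomp:", f)
    for u in find_dev_tcp_units("/etc/systemd/system"):
        print("/dev/tcp reference in unit:", u)
```

Run it as root so every unit file and binary directory is readable; a hit is a lead for triage, not a verdict.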

Conclusion

To undermine Linux security, the attackers are disabling cryptographic policies. The use of anti-forensic tactics suggests that the attackers are also aware of incident response processes. These capabilities demonstrate the attackers' understanding and expertise in cloud security, making CoinStomp a serious threat.
