Sunday, February 5, 2023

Be Warned of this Evolving Cryptomining Malware

A cryptomining campaign has been running for years, and the defence evasion techniques it uses to stay undiscovered are constantly evolving. The campaign is called Autom, after the shell script that launches the attack.

Malware campaigns by Autom

According to analysts, the campaign has been active for three years and has evolved in order to remain undetected.

  1. It was first observed in 2019, and since then 84 attacks using the same shell script have been identified.
  2. The attackers began bypassing security features in 2020, and in 2021 they started using an obfuscated script.
  3. In the third quarter of 2021 alone, the attackers launched at least 125 attacks.

Malicious software activities

Early attacks ran a malicious command inside the vanilla container image alpine:latest; that command then downloaded a shell script named autom[.]sh.

Over the years, the command used to launch the attack from the official image has remained largely unchanged. The shell script, on the other hand, is now fetched from a different host.

The shell script starts the attack by creating a new user account (akay) and escalating its privileges to root, which lets the attackers run arbitrary commands and mine cryptocurrency.

Malware’s Development

The campaign's early attacks in 2019 lacked the obfuscation techniques that it later adopted.

To evade security tooling, the malware disables security mechanisms and retrieves an obfuscated mining shell script that has been Base64-encoded five times.
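A defender-side check for exactly this trick, added here as an example and not code from the article or from the campaign: it peels nested Base64 layers off a captured script and reports how many layers were removed, so that content hidden behind several encodings can be flagged for inspection. The sample script and its five-layer wrapping are constructed for the demonstration; the flagging threshold is an assumption.

```python
import base64
import binascii
import re

# Constructed, harmless stand-in for the mining launcher; NOT the real autom payload.
SAMPLE_SCRIPT = "#!/bin/sh\necho 'placeholder for a mining launcher'\n"


def wrap_base64(text: str, layers: int) -> str:
    """Base64-encode `text` repeatedly, `layers` times (builds the test input)."""
    data = text.encode()
    for _ in range(layers):
        data = base64.b64encode(data)
    return data.decode()


_B64_RE = re.compile(rb"^[A-Za-z0-9+/=]+$")


def _is_text(data: bytes) -> bool:
    """True if `data` is printable ASCII text (a script or another Base64 layer)."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return False
    return all(ch.isprintable() or ch in "\n\r\t" for ch in text)


def _peel_one_layer(data: bytes):
    """Decode one clean Base64 layer, or return None if `data` is not one."""
    stripped = b"".join(data.split())  # tolerate line-wrapped encodings
    if not stripped or len(stripped) % 4 or not _B64_RE.match(stripped):
        return None
    try:
        decoded = base64.b64decode(stripped, validate=True)
    except (binascii.Error, ValueError):
        return None
    # Plain text that merely looks like Base64 decodes to binary junk; stop there.
    return decoded if _is_text(decoded) else None


def unwrap_base64(blob: str, max_layers: int = 16):
    """Peel nested Base64 layers; returns (layers_removed, innermost_payload)."""
    data, layers = blob.encode(), 0
    while layers < max_layers and (decoded := _peel_one_layer(data)) is not None:
        data, layers = decoded, layers + 1
    return layers, data


def looks_obfuscated(blob: str, threshold: int = 2) -> bool:
    """Flag content hidden behind `threshold` or more Base64 layers (assumed cut-off)."""
    return unwrap_base64(blob)[0] >= threshold
```

Run over scripts pulled from container images or cron directories, the layer count is a cheap triage signal: legitimate scripts rarely carry more than one encoding layer, whereas the Autom loader carries five.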

The attackers added further concealment by downloading the log rotate[.]bin script, which starts cryptomining by creating a new cron job that launches the miner every 55 minutes.

Conclusion

The threat actors behind the Autom campaign have shown a high level of proficiency in launching attacks while remaining undetected. Security teams must strengthen their defences before such attacks reach them.
