Wednesday, May 29, 2024
HomeCyber Security BlogsRocke Group is back again with an Updated Malware

Rocke Group is back again with an Updated Malware

Recently, security researchers have detected an updated malware brought to action by the Rocke group. The threat actor Rocke was first reported in late July 2018 and is known for targeting cloud infrastructures with cryptojacking attacks. The ultimate goal of this threat is to mine Monero cryptocurrency in compromised Linux machines.

The updated malware is called Pro-Ocean and it was first discovered in 2019. The latest version of the malware has got “worm” capabilities and rootkit detection-evasion features.  It has a four-module structure, consisting of a rootkit module, a mining module, a Watchdog module, and an infection module. The malware has been used to exploit known vulnerabilities to target applications such as Oracle WebLogic , Apache ActiveMQ , and Redis (unsecured instances).

The malware basically uses a Python infection script to utilize its newly added worm capabilities while the rootkit capabilities are used to conceal the malicious activities. Moreover, it also uninstalls monitoring agents to avoid detection, attempts to remove other malware and miners before installation, and after installation kills any process that uses the CPU heavily.



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us