Malware detected for large-scale covert mining on Kubernetes clusters


The Palo Alto Networks research unit has found new malware being deployed for covert Monero mining, which spreads to container applications based on Kubernetes.

According to the Unit 42 team, the attackers have already begun infecting service nodes, disguising processes under a Linux process name (bioset), injecting libraries via LD_PRELOAD and encrypting data inside the binary file.
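The two host-visible traits named above can be checked from `/proc` on a Linux node. The following is an added example, not code from Unit 42 or from the malware: it assumes that a genuine `bioset` is a kernel thread (empty command line, parent `kthreadd`, PID 2), and the function names and sample records are constructed for illustration.

```python
import os

KTHREADD_PID = 2  # genuine kernel threads are children of kthreadd (PID 2)

def _read(base, name):
    with open(os.path.join(base, name), "rb") as f:
        return f.read().decode(errors="replace")

def read_proc(pid, root="/proc"):
    """Collect the fields the checks need from /proc/<pid>."""
    base = os.path.join(root, str(pid))
    try:
        env = dict(kv.split("=", 1) for kv in _read(base, "environ").split("\0") if "=" in kv)
    except OSError:
        env = {}  # reading another user's environ requires root
    return {"pid": pid,
            "comm": _read(base, "comm").strip(),
            "cmdline": _read(base, "cmdline").replace("\0", " ").strip(),
            # fields after the ")" that closes comm in stat: state, ppid, ...
            "ppid": int(_read(base, "stat").rsplit(")", 1)[1].split()[1]),
            "environ": env}

def classify(proc):
    """Return the findings for one process record."""
    findings = []
    # A "bioset" with a command line or a parent other than kthreadd is userland.
    if proc["comm"] == "bioset" and (proc["cmdline"] or proc["ppid"] != KTHREADD_PID):
        findings.append("userland process named bioset")
    if proc["environ"].get("LD_PRELOAD"):
        findings.append("LD_PRELOAD=" + proc["environ"]["LD_PRELOAD"])
    return findings

def scan(root="/proc"):
    """Map pid -> findings for every readable process under root."""
    results = {}
    for entry in filter(str.isdigit, os.listdir(root)):
        try:
            found = classify(read_proc(int(entry), root))
        except (OSError, ValueError, IndexError):
            continue  # process exited mid-scan or is unreadable
        if found:
            results[int(entry)] = found
    return results

# Constructed sample records, not taken from a real infection
SAMPLES = [
    {"pid": 37, "comm": "bioset", "cmdline": "", "ppid": 2, "environ": {}},
    {"pid": 4121, "comm": "bioset", "cmdline": "/tmp/example", "ppid": 1, "environ": {}},
    {"pid": 4200, "comm": "sh", "cmdline": "sh -c job", "ppid": 1, "environ": {"LD_PRELOAD": "/tmp/example.so"}},
]
```

Calling `scan()` as root on a node returns only the processes with findings; an `LD_PRELOAD` hit is a lead to review, since legitimate software also sets it.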

The Hildegard cryptojacking scripts have been spreading since the first half of January but are still almost inactive. Researchers therefore suggest that the hacker campaign is at the reconnaissance and deployment stage.

The attack being prepared may have serious consequences, since the malware is capable not only of using computing resources in Kubernetes environments but also, potentially, of extracting confidential data from thousands of applications in clusters.

Unit 42 believes that the new scripts were developed by the TeamTNT hacker group, which is responsible for a covert Monero mining botnet that infected millions of IP addresses and for launching a worm that steals information about Amazon Web Services accounts.

In the fall, MSI warned the owners of digital assets that their funds in crypto wallets may be at risk due to the new
