by Kyle Perisic
Hackers are using malware hosted on Amazon’s cloud service to harvest cryptocurrency, according to a security software company.
The malware campaign, called “Xbooster,” has infected Windows operating systems and has harvested about $100,000 worth of the cryptocurrency Monero, according to Krishna Narayanaswamy, founder and chief scientist of Netskope — a U.S. company that helps companies use secure software-as-a-service (SaaS), Quartz reported on Tuesday.
“The attack kill chain used Amazon Web Services (AWS) and pay-per-install… model modus operandi,” wrote Netskope’s Ashwin Vamshi in a blog post on May 4. “Since the attack kill chain uses both the cloud and web, it makes it hard to detect the full scope of an attack and perform complete remediation.”
The hackers have targeted Monero, rather than the popular cryptocurrency Bitcoin, because of its privacy, speed, and mining capabilities.
Monero provides an “anonymous network layer applying privacy techniques to every single transaction,” Vamshi wrote. It produces cryptocurrency blocks “at an average of every 2 minutes, and Bitcoin blocks are produced at an average of every 10 minutes.” Monero also “provides an egalitarian mining process and also the feasibility of CPU mining and browser-based mining for generating coins yielding a profitable revenue to its users.”
Windows users are tricked into clicking on a drive-by download, which is an unintended download without the user’s consent or knowledge, that downloads a Monero miner and a manager that connects to the server which delivers the cryptocurrency.
Cryptocurrencies have been on the rise ever since Bitcoin launched in 2009. Today there are almost 1,600 cryptocurrencies, according to Netskope.
“There are always newer ways of compromising machines,” Narayanaswamy said. “It’s amazing how many machines these threat actors manage to infect.”
“AWS employs a number of mitigation techniques, both manual and automated, to prevent the misuse of the services,” an AWS spokesman said in a statement. “We have automatic systems in place that detect and block many attacks before they leave our infrastructure. Our terms of usage are clear and when we find misuse we take action quickly and shut it down.”
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org
Democratic leaders blasting President Donald Trump’s military strikes on Iran say the situation differs from…
The Senate voted down legislation Wednesday aimed at blocking President Donald Trump from taking military…
Donald Trump has reversed all of the stupid, woke, insane policies of the failed and…
Democratic Rep. Jasmine Crockett claimed Tuesday, before losing a Democratic primary, that Republicans had “specifically…
For years, Washington treated critical minerals as a paperwork problem. If only permits moved faster,…
By basing their midterm pitch around “affordability,” Democrats are confidently demanding the keys to the…