Huawei Cloud hit with cryptomining malware

Researchers suggest that the malware performs an unprecedented level of sanitization for uninterrupted operations

A modified version of a Linux cryptomining malware that previously attacked containers now targets relatively new cloud service providers, particularly Huawei Cloud, report researchers.

Cybersecurity analysts from TrendMicro have shared insights into the malware, and how it has evolved from last year’s container-attacking variant to go after cloud environments.

In the post, the researchers share how “malicious actors deploy code that removes applications and services present mainly in Huawei Cloud.”

Analyzing the modus operandi of the attackers leads TrendMicro to believe that the threat actors are going after Amazon Elastic Cloud Service (ECS) instances inside Huawei Cloud.

Weeding out competition

The researchers note that the malware disables the hostguard service, a Huawei Cloud Linux agent process whose purpose is to detect and flag any security issues.

Moreover, the malware contains an open source plugin agent that’s designed to allow Huawei Cloud users to reset a password to their ECS instances.

“As threat actors have these two services present in their shell scripts, we can assume that they are specifically targeting vulnerable ECS instances inside Huawei Cloud,” explain TrendMicro researchers Alfredo Oliveira and David Fiser.

In their analysis of the malware, the researchers note that, interestingly, it puts in the time and effort to search for and terminate any other malware running in the attacked cloud environment.

“More than any other samples and campaigns we’ve seen so far, this campaign performs a comprehensive sanitization of the operation system. It looks for both signs of previous infections and for security tools that could stop its malicious routines,” the researchers comment.

The researchers have shared their analysis with Huawei, but have yet to get a response.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.