Two Palo Alto Networks researchers published a detailed article on how a new type of crypto mining malware, attributed to the “Rocke group”, targets cloud-based infrastructure.
It takes control of the machine, uninstalls the antivirus and installs software to mine Monero, all without being noticed.
The researchers found that the crypto malware can uninstall at least five antivirus products on Linux servers, including those of Alibaba and Tencent. Moreover, the crypto-malware removes them by following each vendor's documented uninstallation procedure.
All this is possible by exploiting vulnerabilities in Apache Struts 2, Oracle WebLogic and Adobe ColdFusion, after which an “a7.” script is downloaded that triggers the procedure.
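Because the malware's first step is to remove the host's security agent, the signal a defender most wants is an agent that silently stops running. The following check is an added example, not code from the article or from the researchers' report: it compares the agents a Linux host is expected to run against the command names visible in /proc and reports any that are missing. The agent names in EXPECTED_AGENTS are placeholders chosen for illustration, not real product identifiers.

```python
"""Added example: detect a security agent that has disappeared from a host.

Reads process command names from /proc (Linux); on other systems the
running set is empty and every expected agent is reported as missing.
"""
import os

# Placeholder agent process names (assumption for the example, not from the article).
EXPECTED_AGENTS = {"cloud-av-agent", "host-security-daemon"}


def running_process_names(proc_root="/proc"):
    """Return the set of command names of all running processes."""
    names = set()
    if not os.path.isdir(proc_root):
        return names
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, pid, "comm")) as f:
                names.add(f.read().strip())
        except OSError:
            continue  # process exited between listing and reading; skip it
    return names


def missing_agents(expected, running):
    """Return, sorted, the expected agent names not present among running processes."""
    return sorted(set(expected) - set(running))


def agent_report(expected, running):
    """Build a small report a monitoring job can forward as an alert."""
    missing = missing_agents(expected, running)
    return {"ok": not missing, "missing": missing}


if __name__ == "__main__":
    report = agent_report(EXPECTED_AGENTS, running_process_names())
    if report["ok"]:
        print("all expected security agents are running")
    else:
        print("ALERT: security agents missing:", ", ".join(report["missing"]))
```

Run it from a scheduled job (cron or a monitoring agent that does not itself depend on the watched product) so that removal of the agent is reported by something the malware has not uninstalled.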
This crypto-malware was first discovered in August by Cisco’s Talos Intelligence Group, and since then it has been continually updated while infecting other machines.
Another cyber security company, Check Point Software Technologies, also noticed in November an evolution of the malware that mines Monero.
In fact, Monero remains the preferred cryptocurrency for hackers and, as a report by researchers of the Universidad Carlos III de Madrid and King’s College London shows, hackers have mined 4.32% of the Monero in circulation.
Another finding is an increase in crypto-malware of over 4,000% over the last year, as reported by a McAfee study.