Science, Technology, and Social Media

Amazon Cloud Is Being Used To Harvest Cryptocurrency By Hackers

 

by Kyle Perisic

Hackers are using malware hosted on Amazon’s cloud service to harvest cryptocurrency, according to a security software company.

The malware campaign, called “Xbooster,” has infected Windows operating systems and has harvested about $100,000 worth of the cryptocurrency Monero, according to Krishna Narayanaswamy, founder and chief scientist of Netskope — a U.S. company that helps companies use secure software-as-a-service (SaaS), Quartz reported on Tuesday.

“The attack kill chain used Amazon Web Services (AWS) and pay-per-install… model modus operandi,” wrote Netskope’s Ashwin Vamshi in a blog post on May 4. “Since the attack kill chain uses both the cloud and web, it makes it hard to detect the full scope of an attack and perform complete remediation.”

The hackers have targeted Monero, rather than the popular cryptocurrency Bitcoin, because of its privacy, speed, and mining capabilities.

Monero provides an “anonymous network layer applying privacy techniques to every single transaction,” Vamshi wrote. It produces cryptocurrency blocks “at an average of every 2 minutes, and Bitcoin blocks are produced at an average of  every 10 minutes.” Monero also “provides an egalitarian mining process and also the feasibility of CPU mining and browser-based mining for generating coins yielding a profitable revenue to its users.”

Windows users are tricked into clicking on a drive-by download, which is an unintended download without the user’s consent or knowledge, that downloads a Monero miner and a manager that connects to the server which delivers the cryptocurrency.

Cryptocurrencies have been on the rise ever since Bitcoin launched in 2009. Today there are almost 1,600 cryptocurrencies, according to Netskope.

“There are always newer ways of compromising machines,” Narayanaswamy said. “It’s amazing how many machines these threat actors manage to infect.”

“AWS employs a number of mitigation techniques, both manual and automated, to prevent the misuse of the services,” an AWS spokesman said in a statement. “We have automatic systems in place that detect and block many attacks before they leave our infrastructure. Our terms of usage are clear and when we find misuse we take action quickly and shut it down.”

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org

DCNF

Share
Published by
DCNF

Recent Posts

We Are Different, and the Left Keeps Attacking Us For It

The Left loves to point fingers at Conservatives, calling us weird and blaming us for…

7 hours ago

Police Release Bodycam Footage Of Arrest Of Alleged Would-Be Trump Assassin

The Martin County Sheriff’s Department released footage Monday of the arrest of Ryan Wesley Routh…

12 hours ago

Strengthening Candidate Security With Campaign Funds Is A Common Sense Solution

As the Federal Election Commission (FEC) prepares to consider new regulations on Sept. 19 that…

12 hours ago

Ukraine Distances Itself From Would-Be Trump Shooter Who Said He’d ‘Die’ For Kyiv

Ukraine distanced itself from a man who had said he’d fight and “die” on Kyiv’s…

12 hours ago

Missed Car, Credit Card Payments Surge As Biden-Era Inflation Continues To Decimate American Bank Accounts

Americans are having an increasingly hard time making their credit card and car payments as…

13 hours ago