Cryptomining Malware Can Hijack Alibaba ECS Instances

Share post:

Reports from Trend Micro show that threat actors exploit vulnerabilities in Alibaba ECS instances to install Cryptominers malware.

This is possible because all instances provide root access, allowing threat actors to gain access to the target server without any prior SSH root work.

Once compromised, the enhanced privileges allow the threat actors to access files and also create firewall rules that prevent the installed security agent from detecting any compromises or suspicious behavior.

Threat actors also used the ECS’ auto-scaling system (enables the service to automatically adjust computing resources based on the volume of user requests).

Once compromised, the threat actor can scale up their Monero mining power, causing additional costs for the instance owner. Anyone using Alibaba’s cloud service is advised to make sure their security settings are correct and follow best practices.

For more information, read the original story in Reuters.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways