Amazon Web Services (AWS) customers have been warned about hidden Monero miners, which allow attackers to steal AWS users' credentials to use their computing power to mine cryptocurrency.

At Bit2Me, we recommend that users of certain applications within Amazon Web Services check their systems for hidden Monero cryptocurrency miners. Cybersecurity researchers from Mitiga.io recently discovered that customers of the cloud computing service Amazon Elastic Compute Cloud (EC2) who use community-prepared Amazon Machine Images (AMIs) are at risk. If the Amazon machine contains a hidden Monero miner, it can consume all the computing resources the customer rents from Amazon. At the same time, attackers leverage Monero, the privacy cryptocurrency, to hide their tracks, as happens in most hidden mining scenarios.

The malware was discovered by researchers at the cybersecurity firm while assessing the infrastructure of AWS services at a client financial institution; at that time, they came across a hidden miner in the service that used the computing power of the device to illegally mine Monero cryptocurrency in the background.

According to the researchers, mining cryptocurrencies in the background through malware is unfortunately becoming a common practice in the cryptocurrency industry.


The risk of unverified AMIs from the community

Amazon AMIs are services implemented by the community or by verified Amazon vendors that allow companies and entities to reduce the operating costs of computing power for their business operations. This is a very popular service, and it is useful and safe when contracted from authenticated and verified vendors. AMIs developed by the community without proper verification, however, such as the one Mitiga discovered in a Microsoft Windows Server 2008 service, represent a great risk for the companies, entities and devices that implement them.

Community AMI offered on Amazon's AWS page.
Source: Mitiga

The scale of the affected entities and of the devices infected with the malware is still unknown. The cybersecurity company also claims in its investigation that the AMI was created from the beginning with the purpose of infecting devices with the mining malware. Meanwhile, the analysts point out that the hackers published an infected machine image on AWS in order to commit financial fraud: the client pays the bills, while the rented facilities are used to illegally mine cryptocurrencies to enrich the attackers.

“Installing community-generated code on business-critical infrastructure carries significant risks; this is yet another example of the risk in today’s cloud markets, which offer solutions that are easy to use but capable of containing malicious code or executable files, often from unknown sources.”

Finally, Amazon's AWS services point out that the use of community AMIs is at the users' “own risk”, and that the company is not responsible for guaranteeing the security or integrity of the companies and entities that implement them.
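As a starting point for the system check recommended above, the following added example (not code from Mitiga, Bit2Me or AWS) lists EC2 instances that were launched from an AMI that is neither published by Amazon, sold through AWS Marketplace, nor owned by one of your own accounts. It assumes input shaped like the JSON returned by `aws ec2 describe-instances` and `aws ec2 describe-images`; the function name, account IDs and resource IDs are constructed for illustration.

```python
# Owner aliases AWS sets on images published by Amazon or listed on AWS Marketplace.
TRUSTED_ALIASES = {"amazon", "aws-marketplace"}

def flag_community_ami_instances(instances_doc, images_doc, own_account_ids):
    """Return (instance_id, image_id, reason) for instances built on unverified AMIs."""
    images = {img["ImageId"]: img for img in images_doc["Images"]}
    findings = []
    for reservation in instances_doc["Reservations"]:
        for inst in reservation["Instances"]:
            img = images.get(inst["ImageId"])
            if img is None:
                # The AMI can no longer be described (deregistered or unshared):
                # its origin cannot be confirmed, so queue it for manual review.
                findings.append((inst["InstanceId"], inst["ImageId"], "ami-not-found"))
            elif img.get("ImageOwnerAlias") in TRUSTED_ALIASES:
                continue  # published by Amazon or a Marketplace vendor
            elif img["OwnerId"] in own_account_ids:
                continue  # built by our own organisation
            else:
                findings.append((inst["InstanceId"], inst["ImageId"],
                                 "unverified-owner:" + img["OwnerId"]))
    return findings

# Constructed sample data in the shape of the AWS CLI output (not real resources).
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0000000000000000a", "ImageId": "ami-0000000000000001"},
    {"InstanceId": "i-0000000000000000b", "ImageId": "ami-0000000000000002"},
    {"InstanceId": "i-0000000000000000c", "ImageId": "ami-0000000000000003"},
    {"InstanceId": "i-0000000000000000d", "ImageId": "ami-0000000000000004"},
]}]}
SAMPLE_IMAGES = {"Images": [
    {"ImageId": "ami-0000000000000001", "OwnerId": "222222222222",
     "ImageOwnerAlias": "amazon"},
    {"ImageId": "ami-0000000000000002", "OwnerId": "111111111111"},
    {"ImageId": "ami-0000000000000003", "OwnerId": "999999999999"},
]}
OWN_ACCOUNTS = {"111111111111"}  # placeholder for your organisation's account IDs

if __name__ == "__main__":
    for finding in flag_community_ami_instances(SAMPLE_INSTANCES, SAMPLE_IMAGES,
                                                OWN_ACCOUNTS):
        print(*finding)
```

Flagged instances are candidates for closer inspection, such as reviewing running processes and sustained CPU usage, rather than confirmed infections.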
