- Security experts have detected a new crypto-mining malware targeting Kubernetes clusters.
- The malware is believed to be from TeamTNT.
New malware is reportedly targeting Kubernetes clusters, sets of nodes that run containerized applications, to mine cryptocurrency without authorization. Security researchers at Palo Alto Networks Inc. spotted the crypto-mining malware recently, adding that it might have originated from TeamTNT, a notorious cybercrime group known for designing malware that mines Monero (XMR). The malware was first spotted in January, per the security researchers.
Crypto-mining malware targets Kubernetes clusters
When the malware, known as “Hildegard,” infects a Kubernetes cluster, it quickly spreads to the containers before hijacking the system to mine cryptocurrency without authorization, a practice commonly referred to as cryptojacking. The security experts attributed the crypto-mining malware to the TeamTNT cybercrime group because it uses domains and features similar to those the group used in its previous attacks.
Hildegard, however, was equipped with other features that make it harder to detect, according to the experts. They explained that this new crypto-mining malware uses a process name similar to that of a Linux process to conceal its communications. The crypto-mining malware can disrupt applications running in the clusters, the experts warn, adding that Kubernetes can easily be secured. However, it will require more work to patch and prevent the cryptojacking attack.
“In this complex attack, threat actors are leveraging a combination of Kubernetes misconfigurations and known vulnerabilities. […] DevOps and IT teams must closely coordinate with their counterparts in security to prioritize remediation, especially for external-facing assets and high-risk vulnerabilities,” the co-founder at Vulcan Cyber, Tal Morgenstern, commented.
The rise in malware attacks
Ransomware is the kind of malware that recorded more hits last year. In a recent report, Chainalysis, a blockchain analysis company, reported a drop in the number of illegal cryptocurrency transactions. However, ransomware attacks contributed significantly to the record last year. For the record, ransomware attacks have increased by more than 300 percent since last year.