Categories: Cryptocurrency Mining

Crypto mining malware found on Amazon Web Services


Cryptocurrency mining malware was found on the Amazon Web Services Marketplace in the form of a Windows 2008 virtual server AMI.

The malware was found by Mitiga, an incident readiness and response company. The firm was examining the marketplace’s security on behalf of a financial institution.

Monero mining malware

In a blog post discussing the malware, Mitiga notes, “Mitiga’s security research team has identified an AWS Community AMI [Amazon Machine Instance] containing malicious code running an unidentified Monero crypto miner. We have concerns this may be a phenomenon, rather than an isolated occurrence.”

While this particular piece of malware was designed to mine Monero, Mitiga says it could have also been used for other nefarious means. The cybersecurity company says it could have been used to plant ransomware with a delayed trigger, and it could have also been used to plant a backdoor that could access the entire EC2 infrastructure of the victim’s Amazon Web Services account.

Mitiga notes, “We advise AWS customers running EC2 instances based on Community AMIs to either verify them, terminate them, or replace them with ones provided by an AWS trusted vendor.”

Use trusted sources

Mitiga stresses that users exercise caution as the crypto mining malware was not the result of an exploit or misconfiguration. It was actually in existence on the EC2 instance from the initial setup.

Amazon has itself issued warnings to users about using trusted sources. The company has stated, “Amazon can’t vouch for the integrity or security of AMIs shared by other Amazon EC2 users. Therefore, you should treat shared AMIs as you would any foreign code that you might consider deploying in your own data center and perform the appropriate due diligence. We recommend that you get an AMI from a trusted source.”

As for the malware found in the Amazon Web Services Marketplace, Mitiga concludes, “The ease of making malicious AMIs available for public use, in our opinion, warrants the rather dramatic advisory warning we are issuing.”

Images courtesy of husjur02/Shutterstock, Tony Webster/Flickr

Jeff Francis

Jeff has taken a roundabout way to becoming a cryptocurrency writer. He has always had a huge interest in history, which led to him receiving a degree in medieval history. He once thought of becoming a teacher but eventually joined some friends in opening a hobby shop. Jeff eventually took over sole proprietorship of the business and ran it for over 10 years. He then moved on to online selling and then into gaming journalism. He has spent the last 10 years writing professionally for various websites as well as creating content for many businesses. A few years back, he began hearing about Bitcoin and the rise of other cryptocurrencies. A proponent of allowing people to take economic power into their own hands, Jeff has enthusiastically supported cryptocurrencies, not to mention the many benefits of blockchain technology. This interest propelled him to becoming a writer for, and later editor of, several cryptocurrency-focused websites. Jeff is a lifelong geek and gamer. He tries to keep up with the slew of TV shows and movies that fall into the fantasy/sci-fi/superhero genres, and he still plays pen-and-paper role-playing games on the weekends. He lives in Florida, USA, as he cannot stand cold weather.

Published by
Jeff Francis

Recent Posts

Last Chance to Win up to 12 BTC at the BC.Game TB Battle!

It’s about that time again where everyone is figuring out who they will vote for…

3 hours ago

George Clooney could lose $500M following Amal divorce due to prenup mistake: Rumor

George Clooney and Amal Clooney are, allegedly, divorcing, and the actor could lose half of…

13 hours ago

‘The Crown Tundra’ DLC: Ultra Beasts and where to find them

The arrival of Pokemon Sword and Shield’s second and last DLC has brought with it…

13 hours ago