Tech

Report: Amazon Cloud Is Being Used To Harvest Cryptocurrency By Hackers

Shutterstock.com

Daily Caller News Foundation logo
Kyle Perisic Contributor
Font Size:

Hackers are using malware hosted on Amazon’s cloud service to harvest cryptocurrency, according to a security software company.

The malware campaign, called “Xbooster,” has infected Windows operating systems and has harvested about $100,000 worth of the cryptocurrency Monero, according to Krishna Narayanaswamy, founder and chief scientist of Netskope — a U.S. company that helps companies use secure software-as-a-service (SaaS), Quartz reported on Tuesday.

“The attack kill chain used Amazon Web Services (AWS) and pay-per-install… model modus operandi,” wrote Netskope’s Ashwin Vamshi in a blog post on May 4. “Since the attack kill chain uses both the cloud and web, it makes it hard to detect the full scope of an attack and perform complete remediation.”

The hackers have targeted Monero, rather than the popular cryptocurrency Bitcoin, because of its privacy, speed, and mining capabilities.

Monero provides an “anonymous network layer applying privacy techniques to every single transaction,” Vamshi wrote. It produces cryptocurrency blocks “at an average of every 2 minutes, and Bitcoin blocks are produced at an average of  every 10 minutes.” Monero also “provides an egalitarian mining process and also the feasibility of CPU mining and browser-based mining for generating coins yielding a profitable revenue to its users.”

Windows users are tricked into clicking on a drive-by download, which is an unintended download without the user’s consent or knowledge, that downloads a Monero miner and a manager that connects to the server which delivers the cryptocurrency.

Cryptocurrencies have been on the rise ever since Bitcoin launched in 2009. Today there are almost 1,600 cryptocurrencies, according to Netskope.

“There are always newer ways of compromising machines,” Narayanaswamy said. “It’s amazing how many machines these threat actors manage to infect.” (RELATED: Why Amazon Associates Removed Legal Insurrection From Its Program)

“AWS employs a number of mitigation techniques, both manual and automated, to prevent the misuse of the services,” an AWS spokesman said in a statement. “We have automatic systems in place that detect and block many attacks before they leave our infrastructure. Our terms of usage are clear and when we find misuse we take action quickly and shut it down.”

Follow Kyle on Twitter @KylePerisic

Send tips to kyle@dailycallernewsfoundation.org

All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.