There is a new malware out there to watch out for. Dubbed the Rocke Malware, this form of cryptojacking has the ability to disable cloud security software so as to illicitly mine for Monero (XMR) undetected.
Rocke Malware Discovered
Cybersecurity firm Palo Alto Networks is the team behind the worrying discovery. It published a report yesterday saying that the hacking goes by the disguise the Rocke Group and is targeting public cloud systems.
If downloaded, the malware takes administrative control, uninstalls cloud security products and then inputs a code that mines for Monero cryptocurrency.
It’s exceedingly clever; the system follows procedures detailed on the service provider’s user manual on how to uninstall the Could Host Security product. By doing this, it doesn’t arouse suspicion and goes undetected.
What is Rocke Malware?
The software has the ability to uninstall five different cloud security products on Linux servers. These cloud security systems are the product of major Chinese cloud developers Alibaba and Tencent, and the malware looks to be selectively targeting them.
To mine for Monero without detection, the Rocke Malware attacks vulnerabilities in Apache Struts 2, Oracle WebLogic, and Adobe ColdFusion applications, and then downloads a shell script named a7.
Rocke can also kill any potential rival hackers trying to infiltrate the system. When it first arrives on the system, it avoids detection because it acts without malice.
Monero continues to be the chosen favorite of hackers. This is because its network has a high focus on privacy and user identities are concealed. It is incredibly difficult to trace transactions to the users on the Monero network. For this reason, the crypto is said to be chosen by criminals to send and receive illegal money.
According to a recent study, hackers have mined 4.32% of the total XMR in circulation. Further, a McAfee study published in December showed that incidents involving crypto mining malware grew over 4,000% in 2018.
Featured Image: Depositphotos © maxkabakov