AWS Lambda sees its first malware attack with Denonia, and we don’t know how it got there

Posted: Wed Apr 13, 2022 1:49 am
by Flash

https://www.techrepublic.com/article/aw ... got-there/

AWS Lambda is one of the many tools provided by Amazon Web Services. It allows the execution of code using a serverless method. Now, a group of cybercriminals has found a way to exploit it and run malware on it.
----
Once Denonia is running, it launches XMRig, software made to mine Monero cryptocurrency. XMRig is started from memory and makes use of the only writable folder in a Lambda environment, /tmp. The malware then communicates with the IP address obtained from the DNS query, on port 3333, which is a Monero mining pool.
----
Cado Security’s Matt Muir said, “Although this first sample is fairly innocuous in that it only runs crypto-mining software, it demonstrates how attackers are using advanced cloud-specific knowledge to exploit complex cloud infrastructure, and is indicative of potential future, more nefarious attacks.”
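
A defender-side check for the network behaviour quoted above (traffic from a Lambda function to port 3333), added here as an example and not taken from the post or the article. It assumes the function is attached to a VPC with flow logs in the default version 2 format; the ENI IDs, addresses and log lines are constructed, and a hit is a lead to investigate because port 3333 is not exclusive to mining pools.

```python
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Logs record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
MINING_PORT = "3333"   # pool port named in the article
TCP = "6"              # IANA protocol number

# Constructed inventory: ENIs known to belong to Lambda functions (assumption).
LAMBDA_ENIS = {"eni-0aaa111122223333a", "eni-0bbb444455556666b"}

# Constructed sample records (documentation IP ranges, not real indicators).
SAMPLE = [
    "2 123456789012 eni-0aaa111122223333a 10.0.1.15 203.0.113.50 49152 3333 6 120 98000 1649800000 1649800060 ACCEPT OK",
    "2 123456789012 eni-0aaa111122223333a 203.0.113.50 10.0.1.15 3333 49152 6 110 45000 1649800000 1649800060 ACCEPT OK",
    "2 123456789012 eni-0aaa111122223333a 10.0.1.15 198.51.100.7 49200 443 6 20 5000 1649800000 1649800060 ACCEPT OK",
    "2 123456789012 eni-0bbb444455556666b 10.0.2.20 203.0.113.50 50000 3333 6 5 300 1649800000 1649800060 REJECT OK",
    "2 123456789012 eni-0ccc777788889999c - - - - - - - 1649800000 1649800060 - NODATA",
    "2 123456789012 eni-0ddd000011112222d 10.0.3.9 203.0.113.50 40000 3333 6 10 900 1649800000 1649800060 ACCEPT OK",
]

def parse_record(line):
    """Return a dict for a usable record, or None for malformed/NODATA/SKIPDATA."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    return rec if rec["log_status"] == "OK" else None

def find_pool_traffic(lines, lambda_enis):
    """Summarise TCP flows from Lambda ENIs toward the mining port, per ENI."""
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0, "dsts": set(), "actions": set()})
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["interface_id"] not in lambda_enis:
            continue
        # dstport == 3333 selects the outbound direction; replies carry it as srcport.
        if rec["protocol"] == TCP and rec["dstport"] == MINING_PORT:
            h = hits[rec["interface_id"]]
            h["flows"] += 1
            h["bytes"] += int(rec["bytes"])
            h["dsts"].add(rec["dstaddr"])
            h["actions"].add(rec["action"])  # REJECT means egress rules blocked it
    return dict(hits)

if __name__ == "__main__":
    for eni, info in find_pool_traffic(SAMPLE, LAMBDA_ENIS).items():
        print(eni, info)
```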