Threat actors are exploiting Alibaba Cloud (Aliyun) infrastructure to run cryptocurrency mining malware, according to security experts. To do so, cybercriminals are targeting Alibaba Elastic Compute Service (ECS) instances and deactivating specific security measures. According to analysts, Alibaba has a few distinctive features that make it a very appealing target for attackers.
On Monday, Trend Micro uncovered malware designed specifically for Alibaba Elastic Compute Service (ECS) instances, which are meant to deliver “fast memory and the newest Intel CPUs to help you power your cloud applications and produce quicker outcomes with minimal latency,” according to the company. In this scenario, they are being used to mine cryptocurrency instead.
Cryptojacking is nothing new, but Trend Micro has found that thieves are increasingly targeting Alibaba’s cloud infrastructure to mine for Monero, which is untraceable.
When cryptojacking malware is deployed in an Alibaba ECS instance, the security agent usually notifies the user that a malicious script is active. According to Trend Micro’s investigation, despite the detection, “the security agent fails to clear the ongoing compromise and is deactivated.” “Looking at another malware sample shows that the security agent was also uninstalled before it could trigger an alert for compromise,” says the researcher.