CoinStomp Malware Is Making The Rounds

Cado Security has uncovered a new malware family, named CoinStomp, which is targeting Asian cloud services providers to mine cryptocurrency. The firm’s researchers have found that the overall purpose of CoinStomp is to quietly compromise instances in order to harness computing power to illicit mine for cryptocurrency. Hijacking computers to mine for cryptocurrency has become a “thing” with various threat actors in recent years.

Saryu Nayyar, CEO and Founder, Gurucul had this to say:

“Unfortunately, these types of attack campaigns are most successful when spreading their efforts across multi-cloud environments as most XDR and traditional SIEM solutions, while multi-cloud enabled or supported, cannot correlate and perform advanced analytics across multi-cloud environments. In addition, and an understanding of access entitlements to specific applications, user and entity behavioral baselining combined with self-learning out-of-the-box machine learning models can be extremely effective at escalating the impact of the threat activity that may be difficult to detect otherwise. We can see as part of this attack that access privilege violations can have a major impact on its success. This is extremely challenging for most current threat detection and response solutions to automatically detect and often requires a lot of manual analyst investigation to determine. However, there are a small subset of next generation SIEM vendors that are capable of employing some of the security capabilities outlined here.”

Cryptocurrency miners can sometimes be very hard to detect. But the video below might be of assistance in at least getting an idea as to if you might have this sort of malware running around in your environment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: