Xbooster Crypto-Mining Malware Found Hidden in Amazon Cloud (AWS)
Expert hackers have been hijacking computers to illegally mine crypto assets for a while now. Recently, a malware program was discovered lurking on Amazon’s cloud, where it exploits the processing power of a large number of ordinary computers.
So far, the “Xbooster” malware has infected machines running Windows to yield approximately $100,000 worth of monero, according to Krishna Narayanaswamy, founder and chief scientist of Netskope. Hackers are hijacking computers to mine monero, which is more difficult to track than bitcoin, because it sits in the “sweet spot” between the amount of processing power required and the monetary benefit from mining it.
How Does Xbooster Affect Computers?
The Xbooster malware is hosted in the cloud on Amazon Web Services (AWS), according to Netskope. From there, a command-and-control server installs two programs on infected machines: a monero miner and a manager that connects to the server. People accidentally install this malware on their computers by clicking a link that triggers a “drive-by download.” This usually happens through an email campaign or a compromised website that shows up in search results, or the malware may be bundled with other types of programs like freeware or shareware.
Netskope indicated that the Xbooster malware is hosted in the cloud on AWS, which helps a command-and-control server install two programs on compromised machines: a manager that connects to the server and a monero miner. To avoid detection, the command-and-control module residing on AWS keeps the infected computer’s CPU usage low enough that its owner is unlikely to notice.
An AWS spokesperson said,
“AWS employs a number of mitigation techniques, both manual and automated, to prevent the misuse of the services. We have automatic systems in place that detect and block many attacks before they leave our infrastructure. Our terms of usage are clear and when we find misuse we take action quickly and shut it down.”
Netskope has acknowledged that the hackers’ names and locations have not yet been identified, but the threat is ongoing and difficult to detect, as the amount of money the malware generates for its owners is somewhat dampened.