Splunk Details Monero-Mining Malware Targeting Windows Servers on AWS

Fibo Quantum

The Splunk Threat Research Team revealed yesterday a cryptocurrency-mining malware campaign targeting Windows servers on Amazon Web Services (AWS). Once those instances are compromised they’re enlisted into a crypto botnet that, according to the report, has ties to a similar campaign that was active in 2018.

Splunk explained that the attack relies on the Telegram API that “malicious actors can [use to] turn desktop clients of compromised hosts into bots as they can issue commands remotely, download additional tools and payloads.” The campaign effectively uses the messaging service as its command and control infrastructure.

Wood Profits Banner>