Cryptominers from TeamTNT Are Snatching AWS Credentials Security researchers have warned of a cryptomining exploit that snoops on credentials stored on Amazon Web Services (AWS). This exploit can be used to compromise cloud containers. By leveraging high computing power, cryptomining (also known by cryptocurrency mining or Bitcoin mining) can be used to create digital currency wealth. Although it is legal, it requires a lot of computing effort and usually only minimal gains. It is illegal to take over computing power of other organizations for mining. This explains the entire process. Hackers recently changed Kubernetes’ machine learning to cryptomining in Microsoft’s Azure cloud. Cado Security has again reported that Kubernetes was involved in the latest worm attack. “Over the weekend, we saw a crypto-mining virus spread that stole AWS credentials. Cado stated Monday that it was the first worm to contain AWS-specific functionality. The worm also steals local credentials and scans the internet looking for misconfigured Docker platform configurations. We have seen TeamTNT, an attacker who calls themselves TeamTNT, compromise several Docker and Kubernetes system. According to the firm, this attack is indicative of hackers targeting organizations that move computing resources to cloud containers environments. This trend will likely lead to more attackers replicating TeamTNT’s credential-stealing ability, which it borrowed from a previous virus. The worm installs malware, “offensive security tools” and cryptomining in addition to credential theft and credential mining. Cado stated that it had only discovered a $300 gain in cryptomining attacks, but cautioned TeamTNT that this worm was just one of many campaigns. The Cado post contains detailed information about the attack, its discovery, and other details. “These attacks aren’t particularly sophisticated but the many groups out there deploying Crypto-jacking Worms are successful in infecting large numbers of business systems,” Cado stated. He also offered the following tips to organizations to help them protect themselves.

office.com/setup – Office Setup 2019 – www.office.com/setup

office.com/setup.open Office Setup website www.office.com/setup in your browser.sign into your Office Setup account,Enter Office Product key to Proceed.

By PendergrassOn November 11, 2022

Identify the systems that store AWS credential files, and then delete them if they’re not needed. It is common for development credentials to accidentally be left on production systems.
To limit access to Docker APIs, use firewall rules. We recommend that you use a whitelisted approach to your firewall ruleset.
Check network traffic for connections to mining pools or use the Stratum mining protocol.
Check any connections that send the AWS Credentials File over HTTP.

Cado also credited other security research efforts against the cryptominers, such as Trend Micro, Malware Hunter Team, and r3dbU7z.